CVE-2018-15761: Improper Privilege Management in Foundry UAA

4 documents, 4 sources
Severity: 8.8 HIGH (NVD); CNA: 9.9
EPSS: 0.5% (top 32.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 19; Latest update May 13

Description

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contain a validation error which allows for privilege escalation. A remote authenticated user may modify the URL and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | cloud_foundry/uaa_release | all versions | 64.0
CVEListV5 | cloud_foundry/uaa | all versions | 4.23.0

Vulnerability Details (3)

GHSA: Cloud Foundry UAA Privilege Escalation (2022-05-13)
OSV: Cloud Foundry UAA Privilege Escalation (2022-05-13)
CVEList: UAA Privilege Escalation (2018-11-19)
CVE-2018-15761 — Improper Privilege Management | cvebase