CVE-2019-3775
Published 2019-03-07
Priority: P4 · 33 · medium · 6.5 (CVSS 3.0)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:N
EPSS: 0.88% (54.5th percentile)
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloud_foundry | uaa_release | >= All < v70.0 | v70.0 |
| cloudfoundry | uaa_release | < 70.0 | 70.0 |
CVSS provenance
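| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |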
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-13721 chromium-browser: use-after-free in PDFium
bugzilla·2019-11-04·CVSS 8.8
A use-after-free flaw was found in the PDFium component of the Chromium browser.
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
https://crbug.com/1013868
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1768581]
Affects: fedora-all [bug 1768579]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:3775 https://access.redhat.com/errata/RHSA-2019:3775
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2019-13721
Bugzilla
CVE-2019-13720 chromium-browser: use-after-free in audio
bugzilla·2019-11-04·CVSS 8.8
A use-after-free flaw was found in the audio component of the Chromium browser.
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
https://crbug.com/1019226
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1768588]
Affects: fedora-all [bug 1768587]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:3775 https://access.redhat.com/errata/RHSA-2019:3775
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2019-13720