CVE-2024-38806Expected Behavior Violation in Foundry UAA

CWE-440Expected Behavior Violation3 documents3 sources
Severity
3.9LOWNVD
EPSS
0.0%
top 91.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cloud Foundry UAA
Timeline
PublishedJul 18

Description

Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users retaining access rights they should not have. This can allow them to perform operations beyond their intended permissions.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 0.5 | Impact: 3.4

Affected Packages1 packages

CVEListV5cloud_foundry/uaav77.10.0 and below

🔴Vulnerability Details

2
GHSA
GHSA-3r76-7gpf-jq4w: Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v402024-07-18
CVEList
UAA Failure to Remove Shadow User’s Access2024-07-18
CVE-2024-38806 — Expected Behavior Violation | cvebase