Cloud Foundry UAA Release vulnerabilities

16 known vulnerabilities affecting cloud_foundry/uaa_release.

Total CVEs: 16
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 7, MEDIUM 7

Vulnerabilities

CVE-2019-11293 | MEDIUM | CVSS 6.5 | Affected: all versions before v74.10.0 | Published: 2019-12-06
CWE-532 (Insertion of Sensitive Information into Log File). Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.
Sources: cvelistv5, nvd
CVE-2019-11290 | HIGH | CVSS 7.5 | Affected: all versions before v74.8.0 | Published: 2019-11-26
CWE-532 (Insertion of Sensitive Information into Log File). Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to Tomcat's access file. If the query parameters are used to provide authentication, i.e. credentials, then they will be logged as well.
Sources: cvelistv5, nvd
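Both log-exposure entries above (CVE-2019-11293 and CVE-2019-11290) have the same root cause: credentials carried in the query string are copied into files read by people and tooling the credentials were never meant for. The Python below is an added example, not code from the UAA project or from the advisories. It scans constructed Tomcat-style access-log and DEBUG-style application-log lines for credential-bearing query parameters, produces a redacted copy, and shows the client-side fix of moving the secret into an Authorization header. The parameter list and the sample log lines are constructed for illustration.

```python
import base64
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameter names that must never reach a log file. This list is an
# assumption for the example; extend it to the parameter names your own flows use.
SENSITIVE_PARAMS = frozenset({
    "client_secret", "password", "code", "refresh_token", "access_token", "assertion",
})

# Constructed sample lines, not real UAA output. Lines 1-2 imitate Tomcat's
# common access-log layout; line 3 imitates a DEBUG-level application log line
# that echoes the request URL. Only lines 1 and 3 carry credentials.
SAMPLE_LOG = """\
10.0.0.7 - - [26/Nov/2019:10:15:02 +0000] "POST /oauth/token?grant_type=client_credentials&client_id=app&client_secret=s3cr3t HTTP/1.1" 200 1212
10.0.0.9 - - [26/Nov/2019:10:15:05 +0000] "GET /Users?filter=userName+eq+%22bob%22 HTTP/1.1" 200 811
[2019-11-26 10:15:07.331] uaa - DEBUG --- TokenEndpoint: request=/oauth/token?grant_type=password&username=bob&password=Winter2019 client=app
"""

# A request target: a path starting with '/' that carries a query string.
# Stops at whitespace or a double quote so it also works inside a quoted request line.
_TARGET_RE = re.compile(r'(?P<url>/[^\s"?]*\?[^\s"]*)')


def find_sensitive_params(line: str) -> list[str]:
    """Return the credential-bearing query parameter names present on one log line."""
    found: list[str] = []
    for m in _TARGET_RE.finditer(line):
        query = urlsplit(m.group("url")).query
        for name, _value in parse_qsl(query, keep_blank_values=True):
            if name in SENSITIVE_PARAMS and name not in found:
                found.append(name)
    return found


def scan_log(text: str) -> list[tuple[int, list[str]]]:
    """Return (1-based line number, offending parameter names) for every line that leaks credentials."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        names = find_sensitive_params(line)
        if names:
            hits.append((lineno, names))
    return hits


def redact_line(line: str) -> str:
    """Replace the value of each sensitive parameter with [REDACTED]; other parameters are untouched."""
    def _redact(m: re.Match) -> str:
        parts = urlsplit(m.group("url"))
        pairs = [(k, "[REDACTED]" if k in SENSITIVE_PARAMS else v)
                 for k, v in parse_qsl(parts.query, keep_blank_values=True)]
        # safe="[]" keeps the marker readable instead of %5BREDACTED%5D
        return urlunsplit(parts._replace(query=urlencode(pairs, safe="[]")))
    return _TARGET_RE.sub(_redact, line)


def token_request(client_id: str, client_secret: str, grant_type: str = "client_credentials") -> dict:
    """The client-side fix: carry the secret in an Authorization header and the rest in the
    form body, so the URL (which access logs record) contains nothing sensitive."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "url": "/oauth/token",
        "headers": {"Authorization": f"Basic {basic}",
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": grant_type}),
    }
```

Running scan_log over an exported uaa.log or access log from before the upgrade tells you whether credentials ever reached disk; anything it flags should be rotated, because redacting the file afterwards does not undo the exposure.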
CVE-2019-11282 | MEDIUM | CVSS 4.3 | Affected: all versions before v74.3.0 | Published: 2019-10-23
CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to a SCIM injection attack. A remote authenticated malicious user with the scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.
Sources: cvelistv5, nvd
CVE-2019-11278 | HIGH | CVSS 8.8 | Affected: versions before 74.1.0 | Published: 2019-09-26
CWE-77 (Improper Neutralization of Special Elements used in a Command). CF UAA versions prior to 74.1.0 allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have.
Sources: cvelistv5, nvd
CVE-2019-11279 | HIGH | CVSS 8.8 | Affected: versions before 74.1.0 | Published: 2019-09-26
CWE-77 (Improper Neutralization of Special Elements used in a Command). CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.
Sources: cvelistv5, nvd
CVE-2019-11274 | MEDIUM | CVSS 6.1 | Affected: versions before v74.0.0 | Published: 2019-08-09
CWE-79 (Cross-site Scripting). Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.
Sources: cvelistv5, nvd
CVE-2019-11270 | HIGH | CVSS 7.5 | Affected: versions before v73.4.0 | Published: 2019-08-05
CWE-269 (Improper Privilege Management). Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
Sources: cvelistv5, nvd
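CVE-2019-11279 (scopes requested as an array) and CVE-2019-11270 (clients created with scopes the creator lacks) are both failures to enforce one rule: every scope a requester asks for must be a subset of what that requester is allowed to hand out, whatever shape the request arrives in. The Python below is an added example, not UAA's code, and does not reconstruct the actual defects. It applies the rule to token requests and to client registration, and contrasts it with a deliberately weak `naive_authorize` (hypothetical, written for this page) that validates only the string form of `scope` and lets the list form through. The policy that a creator may grant only scopes it holds itself is an assumption for the example.

```python
from typing import Iterable, Union

ScopeInput = Union[str, Iterable[str], None]


def normalize_scopes(raw: ScopeInput) -> frozenset[str]:
    """Reduce every shape the scope parameter can arrive in to one set of scope names.

    OAuth 2 transmits scope as a space-delimited string, but request parsers hand back
    a list when the parameter is repeated, and a list entry may itself hold several
    space-separated names. Everything is flattened here so the checks below see one
    canonical form and cannot be bypassed by choosing a different encoding.
    """
    if raw is None:
        return frozenset()
    if isinstance(raw, str):
        raw = [raw]
    names = set()
    for item in raw:
        if not isinstance(item, str):
            raise ValueError(f"scope entries must be strings, got {type(item).__name__}")
        names.update(item.split())
    return frozenset(names)


def naive_authorize(requested: ScopeInput, allowed: Iterable[str]) -> frozenset[str]:
    """Illustrative weak check written for this example (not UAA's code): it validates the
    string form only and passes a list through unchecked. This shows the class of bug
    the advisory describes, not the actual defect."""
    if isinstance(requested, str):
        wanted = set(requested.split())
        if wanted - set(allowed):
            raise PermissionError("scope not permitted")
        return frozenset(wanted)
    return frozenset(requested or ())   # list form: never compared against `allowed`


def authorize_scopes(requested: ScopeInput, allowed: Iterable[str]) -> frozenset[str]:
    """Grant the requested scopes only if every one of them is in the allowed set; otherwise raise.

    Exact set inclusion: no wildcards, no prefix matching, and an empty request yields
    an empty grant rather than 'everything'.
    """
    wanted = normalize_scopes(requested)
    extra = wanted - frozenset(allowed)
    if extra:
        raise PermissionError(f"scopes not permitted: {sorted(extra)}")
    return wanted


def scopes_permitted(requested: ScopeInput, allowed: Iterable[str]) -> bool:
    """Boolean form of authorize_scopes for callers that do not want an exception."""
    try:
        authorize_scopes(requested, allowed)
        return True
    except (PermissionError, ValueError):
        return False


def create_client(creator_authorities: Iterable[str], new_client_scopes: ScopeInput) -> dict:
    """Register a client on behalf of a creator holding clients.write.

    Assumed policy: the creator may give a new client only scopes the creator itself
    holds, so the same subset check that guards token issuance guards registration.
    """
    creator = frozenset(creator_authorities)
    if "clients.write" not in creator:
        raise PermissionError("clients.write is required to register clients")
    granted = authorize_scopes(new_client_scopes, creator)
    return {"scope": sorted(granted)}
```

The point of `normalize_scopes` is that the authorization decision is made on exactly one representation; any code path that inspects the raw parameter before normalizing it is a candidate for the same bypass.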
CVE-2019-3794 | MEDIUM | CVSS 5.4 | Affected: all versions before v73.4.0 | Published: 2019-07-18
CWE-284 (Improper Access Control). Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.
Sources: cvelistv5, nvd
CVE-2019-11268 | MEDIUM | CVSS 4.3 | Affected: versions before v73.3.0 | Published: 2019-07-11
CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). Cloud Foundry UAA, versions prior to 73.3.0, contains endpoints with improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.
Sources: cvelistv5, nvd
CVE-2019-3787 | HIGH | CVSS 8.8 | Affected: all versions before v73.0.0 | Published: 2019-06-19
CWE-840 (Business Logic Errors). Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the [...]
Sources: cvelistv5, nvd
CVE-2019-3801 | CRITICAL | CVSS 9.8 | Affected: all versions before v64.0 | Published: 2019-04-25
CWE-494 (Download of Code Without Integrity Check). Cloud Foundry cf-deployment, versions prior to 7.9.0, contains Java components that use an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency and inject malicious code into the component.
Sources: cvelistv5, nvd
CVE-2019-3788 | MEDIUM | CVSS 6.1 | Affected: all versions before v71.0 | Published: 2019-04-25
CWE-601 (URL Redirection to Untrusted Site, 'Open Redirect'). Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect URI. Given a UAA client was configured with a wildcard in the redirect URI's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.
Sources: cvelistv5, nvd
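The redirect-URI entry above (CVE-2019-3788) is one instance of a general rule for authorization servers: a requested redirect_uri must match a registered value exactly, and wildcards should not be registrable in the first place. The Python below is an added example, not UAA's code; the `loose_match` it contrasts against is an illustrative glob matcher written for this page and not a reconstruction of UAA's matcher. The host names (`example.com`, `evil.test`, `uaa.example.com`), the client registrations and the phishing link are constructed.

```python
from fnmatch import fnmatchcase
from urllib.parse import parse_qs, urlsplit

# Redirect URIs for a hypothetical client. The wildcard form is the kind of
# registration the advisory says pre-71.0 releases accepted.
LOOSE_REGISTRATION = ["https://*.example.com/callback"]
STRICT_REGISTRATION = ["https://app.example.com/callback"]

# Constructed phishing link: the victim is sent to the real authorization endpoint,
# but redirect_uri points at a host the attacker controls (evil.test).
PHISHING_REDIRECT = "https://evil.test/?x=.example.com/callback"
PHISHING_LINK = ("https://uaa.example.com/oauth/authorize?client_id=app&response_type=code"
                 "&redirect_uri=" + PHISHING_REDIRECT)


def requested_redirect(authorize_link: str) -> str:
    """Pull redirect_uri out of an /oauth/authorize link the way the server would."""
    return parse_qs(urlsplit(authorize_link).query).get("redirect_uri", [""])[0]


def loose_match(registered: list[str], requested: str) -> bool:
    """Illustrative weak matcher written for this example, not UAA's code: it glob-matches
    the whole URI. A glob '*' also matches '.', '/' and '?', so a wildcard meant for a
    subdomain is satisfied by any attacker host followed by '?x=.example.com/callback'.
    It also accepts every real subdomain, including ones that were decommissioned and
    can be re-registered or taken over."""
    return any(fnmatchcase(requested, pattern) for pattern in registered)


def registration_is_valid(uris: list[str]) -> bool:
    """Registration-time rule: https only, a concrete host, no wildcard anywhere, no fragment."""
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme != "https" or not parts.hostname or parts.fragment:
            return False
        if "*" in uri:
            return False
    return True


def strict_match(registered: list[str], requested: str) -> bool:
    """Authorization-time rule: scheme, host, port, path and query must equal a registered
    URI exactly; a fragment on the requested value is rejected outright. The server
    appends its own ?code=... after this check, so the client never needs a wildcard."""
    req = urlsplit(requested)
    if req.fragment:
        return False
    for uri in registered:
        reg = urlsplit(uri)
        if (req.scheme, req.hostname, req.port, req.path, req.query) == \
           (reg.scheme, reg.hostname, reg.port, reg.path, reg.query):
            return True
    return False
```

If a client genuinely serves many subdomains, register each concrete callback URI rather than a pattern; the cost of a longer list is far lower than the cost of an authorization code delivered to an attacker.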
CVE-2019-3775 | MEDIUM | CVSS 6.5 | Affected: all versions before v70.0 | Published: 2019-03-07
CWE-290 (Authentication Bypass by Spoofing). Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
Sources: cvelistv5, nvd
CVE-2018-15754 | HIGH | CVSS 8.8 | Affected: versions ≥ 60 and < 66.0 | Published: 2018-12-13
CWE-863 (Incorrect Authorization). Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other ident [...]
Sources: cvelistv5, nvd
CVE-2018-15761 | HIGH | CVSS 8.8 | Affected: all versions before 64.0 | Published: 2018-11-19
Cloud Foundry UAA Release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contain a validation error which allows for privilege escalation. A remote authenticated user may modify the URL and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
Sources: cvelistv5, nvd
CVE-2018-11082 | CRITICAL | CVSS 9.8 | Affected: all versions before 61.0 | Published: 2018-10-05
CWE-307 (Improper Restriction of Excessive Authentication Attempts). Cloud Foundry UAA, all versions prior to 4.20.0, and Cloud Foundry UAA Release, all versions prior to 61.0, allow brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to log in as the targeted user.
Sources: cvelistv5, nvd
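The MFA brute-force entry above (CVE-2018-11082) is the textbook case of CWE-307: a six-digit one-time code (the common case, assumed here) has only a million values, so without a limit on failed attempts the second factor is a formality once the password is known. The Python below is an added example, not UAA's code: a verifier that counts failed codes per user, locks the user for a window after a threshold, compares codes in constant time, and an attacker loop that shows how far a brute force gets with and without the lockout. The limits (5 failures, 300 seconds), the sample user and the stand-in code table are assumptions for the example; a real deployment derives the expected code from the user's TOTP secret.

```python
import hmac
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class MfaPolicy:
    """Lockout policy. The numbers are assumptions for this example, not UAA defaults."""
    max_failures: int = 5          # failed codes allowed before the user is locked; <= 0 disables lockout
    lockout_seconds: float = 300.0 # how long a lock lasts


@dataclass
class _UserState:
    failures: int = 0
    locked_until: float = 0.0


class MfaVerifier:
    """Verifies one-time codes with per-user failure counting and temporary lockout.

    `valid_codes` maps a username to the code currently considered valid; it stands in
    for a TOTP computation. The clock is injectable so the lockout window can be
    exercised without sleeping.
    """

    def __init__(self, valid_codes: dict[str, str], policy: Optional[MfaPolicy] = None,
                 clock: Callable[[], float] = time.monotonic):
        self._codes = valid_codes
        self._policy = policy or MfaPolicy()
        self._clock = clock
        self._state: dict[str, _UserState] = {}

    def verify(self, user: str, code: str) -> str:
        """Return 'ok', 'invalid' or 'locked'. A locked user gets 'locked' even for the right code,
        so the attacker learns nothing from submissions made during the window."""
        st = self._state.setdefault(user, _UserState())
        now = self._clock()
        if now < st.locked_until:
            return "locked"
        expected = self._codes.get(user, "")
        # Constant-time comparison so response timing does not reveal partial matches.
        if expected and hmac.compare_digest(expected.encode(), code.encode()):
            st.failures = 0
            return "ok"
        st.failures += 1
        if 0 < self._policy.max_failures <= st.failures:
            st.locked_until = now + self._policy.lockout_seconds
            st.failures = 0
        return "invalid"


def brute_force(verifier: MfaVerifier, user: str, budget: int = 1_000_000) -> tuple[bool, int]:
    """Attacker loop: submit six-digit codes in order until one is accepted, the user is
    locked, or the budget runs out. Returns (success, number of submissions made)."""
    for n in range(budget):
        outcome = verifier.verify(user, f"{n:06d}")
        if outcome == "ok":
            return True, n + 1
        if outcome == "locked":
            return False, n + 1
    return False, budget
```

With the policy disabled the loop walks straight to the code; with it enabled the attacker gets five guesses per window, which turns a seconds-long attack into one that takes longer than the code stays valid. Pair the lockout with alerting on the locked state, since a locked account is itself evidence that the first factor is already compromised.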