CVE-2018-15754
UAA can issue tokens across identity providers if users with matching usernames exist
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.
Cloud Foundry UAA, en versiones 60 anteriores a la 66.0, contiene un error de lógica de autorización. En entornos con múltiples proveedores de identidad que contienen cuentas en varios proveedores de identidad con el mismo nombre de usuario, un usuario autenticado remoto con acceso a una de estas cuentas podría ser capaz de obtener un token para una cuenta del mismo nombre de usuario en el otro proveedor de identidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-08-23 CVE Reserved
- 2018-12-13 CVE Published
- 2023-12-07 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/106240 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.cloudfoundry.org/blog/cve-2018-15754 | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Pivotal Software Search vendor "Pivotal Software" | Cloud Foundry Uaa-release Search vendor "Pivotal Software" for product "Cloud Foundry Uaa-release" | >= 60.0 < 66.0 Search vendor "Pivotal Software" for product "Cloud Foundry Uaa-release" and version " >= 60.0 < 66.0" | - |
Affected
|