Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/blog/cve-2018-15761/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: dell
Published: 2018-11-01T00:00:00
Updated: 2018-11-19T13:57:01
Reserved: 2018-08-23T00:00:00
Link: CVE-2018-15761
JSON object: View
NVD Information
Status : Modified
Published: 2018-11-19T14:29:00.467
Modified: 2019-10-09T23:35:51.987
Link: CVE-2018-15761
JSON object: View
Redhat Information
No data.
CWE