Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/blog/cve-2019-3775 | Vendor Advisory |
Configurations
Information
Published : 2019-03-07 10:29
Updated : 2019-10-09 16:49
NVD link : CVE-2019-3775
Mitre link : CVE-2019-3775
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
cloudfoundry
- uaa_release