org.cloudfoundry.identity%3Acloudfoundry-identity-uaa@4.7.0 vulnerabilities
-
latest version
4.30.0
-
latest non vulnerable version
-
first published
9 years ago
-
latest version published
5 years ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.cloudfoundry.identity%3Acloudfoundry-identity-uaa package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.cloudfoundry.identity:cloudfoundry-identity-uaa is a Cloud Foundry User Account and Authentication plugin. Affected versions of this package are vulnerable to Denial of Service (DoS) in the client token revocation endpoint. A user for a particular client can revoke client tokens for other users on the same client if the target is using opaque tokens or JWT tokens validated using the How to fix Denial of Service (DoS)? Upgrade |
[,4.5.6)
[4.6.0,4.7.1)
|
org.cloudfoundry.identity:cloudfoundry-identity-uaa is a multi tenant identity management service, used in Cloud Foundry, but also available as a stand alone OAuth2 server. Affected versions of this package are vulnerable to Authentication Bypass.
It was possible for an attacker to send requests to admin endpoints (i.e. |
[4.5.0,4.5.7)
[4.7.0,4.7.6)
[4.10.0,4.10.2)
[4.12.0,4.12.4)
[4.19.0,4.19.2)
|
org.cloudfoundry.identity:cloudfoundry-identity-uaa is a multi tenant identity management service, used in Cloud Foundry, but also available as a stand alone OAuth2 server. Affected versions of this package are vulnerable to Open Redirects. It does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt. How to fix Open Redirect? Upgrade |
[4.6.0,4.7.5)
(4.7.5,4.10.1)
(4.10.1,4.19.0)
|
org.cloudfoundry.identity:cloudfoundry-identity-uaa is a multi tenant identity management service, used in Cloud Foundry, but also available as a stand alone OAuth2 server. Affected versions of this package are vulnerable to Information Exposure. The SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user. How to fix Information Exposure? Upgrade |
[4.5.0,4.5.5)
[4.8.0,4.8.3)
[4.7.0,4.7.4)
|