org.cloudfoundry.identity%3Acloudfoundry-identity-uaa@4.7.1 vulnerabilities
-
latest version
4.30.0
-
latest non vulnerable version
-
first published
9 years ago
-
latest version published
5 years ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.cloudfoundry.identity%3Acloudfoundry-identity-uaa package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.cloudfoundry.identity:cloudfoundry-identity-uaa is a multi tenant identity management service, used in Cloud Foundry, but also available as a stand alone OAuth2 server. Affected versions of this package are vulnerable to Authentication Bypass.
It was possible for an attacker to send requests to admin endpoints (i.e. |
[4.5.0,4.5.7)
[4.7.0,4.7.6)
[4.10.0,4.10.2)
[4.12.0,4.12.4)
[4.19.0,4.19.2)
|
org.cloudfoundry.identity:cloudfoundry-identity-uaa is a multi tenant identity management service, used in Cloud Foundry, but also available as a stand alone OAuth2 server. Affected versions of this package are vulnerable to Open Redirects. It does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt. How to fix Open Redirect? Upgrade |
[4.6.0,4.7.5)
(4.7.5,4.10.1)
(4.10.1,4.19.0)
|
org.cloudfoundry.identity:cloudfoundry-identity-uaa is a multi tenant identity management service, used in Cloud Foundry, but also available as a stand alone OAuth2 server. Affected versions of this package are vulnerable to Information Exposure. The SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user. How to fix Information Exposure? Upgrade |
[4.5.0,4.5.5)
[4.8.0,4.8.3)
[4.7.0,4.7.4)
|