org.cloudfoundry.identity:cloudfoundry-identity-common@2.7.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.cloudfoundry.identity:cloudfoundry-identity-common package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
SQL Injection

org.cloudfoundry.identity:cloudfoundry-identity-common is a CloudFoundry Identity Common package.

Affected versions of this package are vulnerable to SQL Injection via the User Account and Authentication (UAA).

How to fix SQL Injection?

There is no fixed version for org.cloudfoundry.identity:cloudfoundry-identity-common.

[0,)
  • H
Session Fixation

org.cloudfoundry.identity:cloudfoundry-identity-common is a CloudFoundry Identity Common package.

Affected versions of this package are vulnerable to Session Fixation, via the User Account and Authentication (UAA). When UAA is configured to authenticate against external SAML or OpenID Connect based identity providers.

How to fix Session Fixation?

Upgrade org.cloudfoundry.identity:cloudfoundry-identity-common to version 2.7.4.13 or higher.

[,2.7.4.13)
  • H
SQL Injection

org.cloudfoundry.identity:cloudfoundry-identity-common is a CloudFoundry Identity Common package.

Affected versions of this package are vulnerable to SQL Injection, via the User Account and Authentication (UAA). The vulnerability occurs due to client_id string was not properly validated.

How to fix SQL Injection?

There is no fixed version for org.cloudfoundry.identity:cloudfoundry-identity-common.

[0,)
  • H
Privilege Escalation

org.cloudfoundry.identity:cloudfoundry-identity-common is a CloudFoundry Identity Common package.

Affected versions of this package are vulnerable to Privilege Escalation. A privilege elevation vulnerability has been identified with the identity zones feature of UAA. Users with the appropriate permissions in one zone can perform unauthorized operations on a different zone.

How to fix Privilege Escalation?

Upgrade org.cloudfoundry.identity:cloudfoundry-identity-common to version 2.7.4 or higher.

[2.2.4,2.7.4)
  • M
Improper Validation of Certificate Expiration

org.cloudfoundry.identity:cloudfoundry-identity-common Affected versions of the package do not check for certificate expiration dates by default.

[2,2.7.4.6)
  • H
SQL Injection

org.cloudfoundry.identity:cloudfoundry-identity-common Affected versions of the package are vulnerable to SQL Injection.

[2,2.7.4.4)
  • H
Remote Privilege Escalation

org.cloudfoundry.identity:cloudfoundry-identity-common The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token.

[2,2.7.4.8)