org.cloudfoundry.identity:cloudfoundry-identity-common 2.7.4.4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.cloudfoundry.identity:cloudfoundry-identity-common package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H SQL Injection org.cloudfoundry.identity:cloudfoundry-identity-common is a CloudFoundry Identity Common package. Affected versions of this package are vulnerable to SQL Injection, via the User Account and Authentication (UAA). The vulnerability occurs due to `client_id` string was not properly validated. How to fix SQL Injection? There is no fixed version for `org.cloudfoundry.identity:cloudfoundry-identity-common`.	[0,)
M SQL Injection org.cloudfoundry.identity:cloudfoundry-identity-common is a CloudFoundry Identity Common package. Affected versions of this package are vulnerable to SQL Injection via the User Account and Authentication (UAA). How to fix SQL Injection? There is no fixed version for `org.cloudfoundry.identity:cloudfoundry-identity-common`.	[0,)
H Session Fixation org.cloudfoundry.identity:cloudfoundry-identity-common is a CloudFoundry Identity Common package. Affected versions of this package are vulnerable to Session Fixation, via the User Account and Authentication (UAA). When UAA is configured to authenticate against external SAML or OpenID Connect based identity providers. How to fix Session Fixation? Upgrade `org.cloudfoundry.identity:cloudfoundry-identity-common` to version 2.7.4.13 or higher.	[,2.7.4.13)
M Improper Validation of Certificate Expiration `org.cloudfoundry.identity:cloudfoundry-identity-common` Affected versions of the package do not check for certificate expiration dates by default.	[2,2.7.4.6)
H Remote Privilege Escalation `org.cloudfoundry.identity:cloudfoundry-identity-common` The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token.	[2,2.7.4.8)

Vulnerability

Vulnerable Version

SQL Injection

org.cloudfoundry.identity:cloudfoundry-identity-common is a CloudFoundry Identity Common package.

Affected versions of this package are vulnerable to SQL Injection, via the User Account and Authentication (UAA). The vulnerability occurs due to client_id string was not properly validated.

How to fix SQL Injection?

There is no fixed version for org.cloudfoundry.identity:cloudfoundry-identity-common.

[0,)

SQL Injection

org.cloudfoundry.identity:cloudfoundry-identity-common is a CloudFoundry Identity Common package.

Affected versions of this package are vulnerable to SQL Injection via the User Account and Authentication (UAA).

How to fix SQL Injection?

There is no fixed version for org.cloudfoundry.identity:cloudfoundry-identity-common.

[0,)

Session Fixation

org.cloudfoundry.identity:cloudfoundry-identity-common is a CloudFoundry Identity Common package.

Affected versions of this package are vulnerable to Session Fixation, via the User Account and Authentication (UAA). When UAA is configured to authenticate against external SAML or OpenID Connect based identity providers.

How to fix Session Fixation?

Upgrade org.cloudfoundry.identity:cloudfoundry-identity-common to version 2.7.4.13 or higher.

[,2.7.4.13)

Improper Validation of Certificate Expiration

org.cloudfoundry.identity:cloudfoundry-identity-common Affected versions of the package do not check for certificate expiration dates by default.

[2,2.7.4.6)

Remote Privilege Escalation

org.cloudfoundry.identity:cloudfoundry-identity-common The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token.

[2,2.7.4.8)

org.cloudfoundry.identity:cloudfoundry-identity-common@2.7.4.4 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?