org.cloudfoundry.identity:cloudfoundry-identity-server@3.5.0 vulnerabilities
-
latest version
4.30.0
-
first published
8 years ago
-
latest version published
5 years ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.cloudfoundry.identity:cloudfoundry-identity-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server. Affected versions of this package are vulnerable to Denial of Service (DoS) in the client token revocation endpoint. A user for a particular client can revoke client tokens for other users on the same client if the target is using opaque tokens or JWT tokens validated using the How to fix Denial of Service (DoS)? Upgrade |
[,4.5.6)
[4.6.0,4.7.1)
|
org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server. Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment that allows a remote authenticated user to modify the URL and content of a consent page to access a token with arbitrary scopes that escalates their privileges. How to fix Improper Restriction of Security Token Assignment? Upgrade |
[,4.23.0)
|
org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server. Affected versions of this package are vulnerable to Arbitrary Code Injection. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA. How to fix Arbitrary Code Injection? A fix was pushed into the |
[0,)
|
org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server. Affected versions of this package are vulnerable to Improper Authentication. Due to improper checks of cookie secure flag. How to fix Improper Authentication? Upgrade |
[0,74.25.0)
|
|
[3.0.0,3.9.1)
|
org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server. Affected versions of this package are vulnerable to SQL Injection via the User Account and Authentication (UAA). How to fix SQL Injection? Upgrade |
[,3.16.0)
|
org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server. Affected versions of this package are vulnerable to SQL Injection,
via the User Account and Authentication (UAA). The vulnerability occurs due to How to fix SQL Injection? Upgrade |
[,3.15.0)
|
org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server. Affected versions of this package are vulnerable to Privilege Escalation via the User Account and Authentication (UAA). Any user could pass a malicious token to a group endpoint, causing an elevation of privileges. How to fix Privilege Escalation? Upgrade |
[3.0.0,3.15.0)
|
|
[3.0.0,3.3.0.6)
[3.4.0,3.4.5)
[3.5.0,3.7.3)
|