Homepage
About Snyk

org.cloudfoundry.identity:cloudfoundry-identity-server@4.23.0 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.cloudfoundry.identity:cloudfoundry-identity-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Arbitrary Code Injection

org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server.

Affected versions of this package are vulnerable to Arbitrary Code Injection. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.

How to fix Arbitrary Code Injection?

A fix was pushed into the master branch but not yet published.

[0,)
  • M
Improper Authentication

org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server.

Affected versions of this package are vulnerable to Improper Authentication. Due to improper checks of cookie secure flag.

How to fix Improper Authentication?

Upgrade org.cloudfoundry.identity:cloudfoundry-identity-server to version 74.25.0 or higher.

[0,74.25.0)
Go back to all versions of this package