org.cloudfoundry.identity:cloudfoundry-identity-server 4.27.0

Direct Vulnerabilities

Known vulnerabilities in the org.cloudfoundry.identity:cloudfoundry-identity-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Improper Authentication org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server. Affected versions of this package are vulnerable to Improper Authentication due to improper session validation across multiple identity zones. An attacker can access unauthorized zones by reusing a session identifier (`jsessionid`) originally authenticated against a different identity provider. How to fix Improper Authentication? A fix was pushed into the `master` branch but not yet published.	[0,)
M Arbitrary Code Injection org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server. Affected versions of this package are vulnerable to Arbitrary Code Injection. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA. How to fix Arbitrary Code Injection? A fix was pushed into the `master` branch but not yet published.	[0,)
M Improper Authentication org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server. Affected versions of this package are vulnerable to Improper Authentication. Due to improper checks of cookie secure flag. How to fix Improper Authentication? Upgrade `org.cloudfoundry.identity:cloudfoundry-identity-server` to version 74.25.0 or higher.	[0,74.25.0)

Vulnerability

Vulnerable Version

Improper Authentication

org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server.

Affected versions of this package are vulnerable to Improper Authentication due to improper session validation across multiple identity zones. An attacker can access unauthorized zones by reusing a session identifier (jsessionid) originally authenticated against a different identity provider.

How to fix Improper Authentication?

A fix was pushed into the master branch but not yet published.

[0,)

Arbitrary Code Injection

org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server.

Affected versions of this package are vulnerable to Arbitrary Code Injection. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.

How to fix Arbitrary Code Injection?

A fix was pushed into the master branch but not yet published.

[0,)

Improper Authentication

org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication (UAA) Server.

Affected versions of this package are vulnerable to Improper Authentication. Due to improper checks of cookie secure flag.

How to fix Improper Authentication?

Upgrade org.cloudfoundry.identity:cloudfoundry-identity-server to version 74.25.0 or higher.

[0,74.25.0)

org.cloudfoundry.identity:cloudfoundry-identity-server@4.27.0

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically