org.cloudfoundry.identity:cloudfoundry-identity-uaa 4.13.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.cloudfoundry.identity:cloudfoundry-identity-uaa package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Open Redirect org.cloudfoundry.identity:cloudfoundry-identity-uaa is a multi tenant identity management service, used in Cloud Foundry, but also available as a stand alone OAuth2 server. Affected versions of this package are vulnerable to Open Redirects. It does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt. How to fix Open Redirect? Upgrade `org.cloudfoundry.identity:cloudfoundry-identity-uaa` to version 4.19.0 and higher	[4.6.0,4.7.5)(4.7.5,4.10.1)(4.10.1,4.19.0)
H Privilege Escalation org.cloudfoundry.identity:cloudfoundry-identity-uaa is a multi tenant identity management service, used in Cloud Foundry, but also available as a stand alone OAuth2 server. Affected versions of this package are vulnerable to Privilege Escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation. How to fix Privilege Escalation? Upgrade `org.cloudfoundry.identity:cloudfoundry-identity-uaa` to versions 4.12.2, 4.13.4 or higher.	[4.12.0,4.12.2)[4.13.0,4.13.4)

Vulnerability

Vulnerable Version

Open Redirect

org.cloudfoundry.identity:cloudfoundry-identity-uaa is a multi tenant identity management service, used in Cloud Foundry, but also available as a stand alone OAuth2 server.

Affected versions of this package are vulnerable to Open Redirects. It does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt.

How to fix Open Redirect?

Upgrade org.cloudfoundry.identity:cloudfoundry-identity-uaa to version 4.19.0 and higher

[4.6.0,4.7.5)(4.7.5,4.10.1)(4.10.1,4.19.0)

Privilege Escalation

org.cloudfoundry.identity:cloudfoundry-identity-uaa is a multi tenant identity management service, used in Cloud Foundry, but also available as a stand alone OAuth2 server.

Affected versions of this package are vulnerable to Privilege Escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

How to fix Privilege Escalation?

Upgrade org.cloudfoundry.identity:cloudfoundry-identity-uaa to versions 4.12.2, 4.13.4 or higher.

[4.12.0,4.12.2)[4.13.0,4.13.4)

org.cloudfoundry.identity:cloudfoundry-identity-uaa@4.13.1 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?