Homepage
About Snyk

org.cloudfoundry.identity:cloudfoundry-identity-uaa@4.5.6 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.cloudfoundry.identity:cloudfoundry-identity-uaa package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Authentication Bypass

org.cloudfoundry.identity:cloudfoundry-identity-uaa is a multi tenant identity management service, used in Cloud Foundry, but also available as a stand alone OAuth2 server.

Affected versions of this package are vulnerable to Authentication Bypass. It was possible for an attacker to send requests to admin endpoints (i.e. /Users or /Groups, etc) with a valid refresh token (instead of an access token), and they would be incorrectly authorized.

[4.5.0,4.5.7) [4.7.0,4.7.6) [4.10.0,4.10.2) [4.12.0,4.12.4) [4.19.0,4.19.2)
Go back to all versions of this package