Privilege Escalation Affecting org.cloudfoundry.identity:cloudfoundry-identity-uaa package, versions [3.0.0, 3.6.5) [3.7, 3.9.3) [2.0.0, 220.127.116.11)
4 Jul 2019
12 Dec 2016
David King, Graham Bleach, Piotr Komborski
How to fix?
Upgrade org.cloudfoundry.identity:cloudfoundry-identity-uaa to version 3.6.5, 3.9.3, 18.104.22.168 or higher.
org.cloudfoundry.identity:cloudfoundry-identity-uaa is a Cloud Foundry User Account and Authentication plugin.
Affected versions of this package are vulnerable to Privilege Escalation. An attacker can gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.