Privilege Escalation Affecting org.cloudfoundry.identity:cloudfoundry-identity-uaa package, versions [3.0.0, 3.6.5) [3.7, 3.9.3) [2.0.0, 184.108.40.206)
4 Jul 2019
12 Dec 2016
David King, Graham Bleach, Piotr Komborski
How to fix?
Upgrade org.cloudfoundry.identity:cloudfoundry-identity-uaa to version 3.6.5, 3.9.3, 220.127.116.11 or higher.
org.cloudfoundry.identity:cloudfoundry-identity-uaa is a Cloud Foundry User Account and Authentication plugin.
Affected versions of this package are vulnerable to Privilege Escalation. An attacker can gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.