Description

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations.

Remediation

References

https://www.cloudfoundry.org/cve-2017-4992/

Related Vulnerabilities

CVE-2022-34207 Vulnerability in maven package org.jenkins-ci.plugins:beaker-builder

CVE-2023-37277 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-war

CVE-2022-36060 Vulnerability in npm package matrix-react-sdk

CVE-2023-30526 Vulnerability in maven package org.jenkins-ci.plugins:reportportal

CVE-2023-50728 Vulnerability in npm package @octokit/app

Severity

Critical

Classification

CWE-269 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory