Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Pivotal产品开放重定向漏洞
Vulnerability Description
Pivotal Cloud Foundry(PCF)是美国Pivotal Software公司的一套开源的平台即服务(PaaS)云计算平台,它提供容器调度、持续交付和自动化服务部署等功能。PCF Elastic Runtime是其中的一个运行环境。PCF Ops Manager是其中的一个用于部署、在线升级、配置的管理工具。 多款Pivotal产品中的OAuth authorization实现过程存在开放重定向漏洞,该漏洞源于程序没有正确处理redirect_uri子域。远程攻击者可借助修改的子域利用该漏
CVSS Information
N/A
Vulnerability Type
N/A