Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pivotal Cloud Foundry和UAA 安全漏洞
Vulnerability Description
Pivotal Cloud Foundry(PCF)是美国Pivotal Software公司的产品。PCF是一套开源的平台即服务(PaaS)云计算平台,它提供容器调度、持续交付和自动化服务部署等功能。UAA是PCF的一个身份验证和管理服务终端。 PCF和UAA中存在会话固定漏洞。攻击者可利用该漏洞劫持会话。以下版本和产品受到影响:Cloud Foundry release 252及之前的版本;UAA stand-alone release 2.0.0版本至2.7.4.12版本,3.0.0版本至3.11.
CVSS Information
N/A
Vulnerability Type
N/A