Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cloud Foundry UAA和uaa-release 安全漏洞
Vulnerability Description
Cloud Foundry UAA和uaa-release都是美国Cloud Foundry基金会的应用于Cloud Foundry云平台的不同版本的身份验证和管理服务终端。 Cloud Foundry UAA和uaa-release中存在安全漏洞,该漏洞源于程序没有验证‘form’参数(该参数用于登录页面上的内部UAA重定向)中用于重定向URL的值。远程攻击者可通过构造恶意的链接利用该漏洞将用户重定向到任意的网站。以下产品和版本受到影响:Cloud Foundry UAA 4.6.0版本至4.19.0版
CVSS Information
N/A
Vulnerability Type
N/A