Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longer expiration time than access tokens, allowing the possessor of a refresh token to authenticate longer than expected. This affects the administrative endpoints of the UAA. i.e. /Users, /Groups, etc. However, if the user has been deleted or had groups removed, or the client was deleted, the refresh token will no longer be valid.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cloud Foundry UAA 安全漏洞
Vulnerability Description
Cloud Foundry UAA是美国Cloud Foundry基金会的应用于Cloud Foundry云平台的一款身份验证和管理服务终端。 Cloud Foundry UAA中存在安全漏洞。攻击者可利用该漏洞绕过访问限制。以下版本受到影响:Cloud Foundry UAA 4.19.2之前的4.19版本,4.12.4之前的4.12版本,4.10.2之前的4.10版本,4.7.6之前的4.7版本,4.5.7之前的4.5版本。
CVSS Information
N/A
Vulnerability Type
N/A