Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
UAA can issue tokens across identity providers if users with matching usernames exist
Vulnerability Description
Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cloud Foundry UAA 安全漏洞
Vulnerability Description
Cloud Foundry UAA是美国Cloud Foundry基金会的应用于Cloud Foundry云平台的一款身份验证和管理服务终端。 Cloud Foundry UAA中存在安全漏洞。远程攻击者可利用该漏洞获取具有相同用户名的账户令牌。以下版本受到影响:Cloud Foundry UAA 60.x版本,61.x版本,62.x版本,63.x版本,64.x版本。
CVSS Information
N/A
Vulnerability Type
N/A