Vulnerability Information
Vulnerability Title
UAA defaults email address to an insecure domain
Vulnerability Description
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account.
CVSS Information
N/A
Vulnerability Type
Business logic error
Vulnerability Title
Cloud Foundry UAA authorization issue vulnerability
Vulnerability Description
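Cloud Foundry UAA is an identity authentication and management service for the Cloud Foundry cloud platform, from the US-based Cloud Foundry Foundation. An authorization issue vulnerability exists in Cloud Foundry UAA versions prior to 73.0.0. An attacker can exploit this vulnerability to gain complete control of a user's account.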
CVSS Information
N/A
Vulnerability Type
N/A
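An audit for accounts whose stored email matches the fallback described above (user name without an @, email set to the user name at "unknown.org"), so they can be given a verified address. This is an added example, not UAA code; the flat record layout with `userName` and `email` keys and all sample records are assumptions constructed for illustration.

```python
"""Audit exported user records for the "unknown.org" email fallback."""
from dataclasses import dataclass
from typing import Iterable, List, Optional

FALLBACK_DOMAIN = "unknown.org"  # domain named in the advisory


@dataclass(frozen=True)
class Finding:
    user_name: str
    email: str
    reason: str


def classify(user_name: str, email: str) -> Optional[str]:
    """Return a reason if the email is in the fallback domain, else None."""
    name = user_name.strip().lower()
    addr = email.strip().lower()
    local, sep, domain = addr.rpartition("@")
    if not sep or domain.rstrip(".") != FALLBACK_DOMAIN:
        return None
    if "@" not in name and local == name:
        return "defaulted"  # exactly the fallback pattern: <userName>@unknown.org
    return "review"         # fallback domain, but local part differs from userName


def audit(users: Iterable[dict]) -> List[Finding]:
    """users: dicts with assumed keys 'userName' and 'email' (hypothetical export)."""
    findings = []
    for u in users:
        name, email = u.get("userName", ""), u.get("email") or ""
        reason = classify(name, email)
        if reason:
            findings.append(Finding(name, email, reason))
    return findings


# Constructed sample records (not real accounts).
SAMPLE_USERS = [
    {"userName": "jsmith", "email": "jsmith@unknown.org"},
    {"userName": "ops-bot", "email": "OPS-BOT@Unknown.Org"},
    {"userName": "alice@example.com", "email": "alice@example.com"},
    {"userName": "bob", "email": "bob@example.com"},
    {"userName": "carol", "email": "c.jones@unknown.org"},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_USERS):
        print(f"{f.reason:9} {f.user_name:10} {f.email}")
```

Accounts reported as `defaulted` never had a user-supplied address; `review` entries are in the same domain and are worth confirming with the account owner.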