漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
UAA redirect-uri allows wildcard in the subdomain
Vulnerability Description
Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.
CVSS Information
N/A
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Cloud Foundry UAA 输入验证错误漏洞
Vulnerability Description
Cloud Foundry UAA是一款应用于CloudFoundry云平台的身份验证和管理服务终端。 Cloud Foundry UAA Release 71.0之前版本中存在安全漏洞。远程攻击者可通过构造钓鱼链接利用该漏洞获取UAA的访问码。
CVSS Information
N/A
Vulnerability Type
N/A