|ID||CVSS||Summary||Last (major) update||Published|
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if
|12-12-2019 - 17:22||06-12-2019 - 20:15|
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat's access file. If the query parameters are used to provide authentication, i.e. credentials, then they will be logged as well.
|09-10-2020 - 13:19||26-11-2019 - 00:15|
In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.
|03-03-2020 - 18:35||27-02-2020 - 20:15|
|09-10-2019 - 23:45||09-08-2019 - 20:15|
CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately
|05-10-2020 - 02:06||26-09-2019 - 21:15|