CVE-2019-11282

Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.
References
Link Resource
https://www.cloudfoundry.org/blog/cve-2019-11282 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*

History

17 Aug 2021, 14:29

Type Values Removed Values Added
CPE cpe:2.3:a:pivotal_software:cloud_foundry_cf-deployment:*:*:*:*:*:*:*:* cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*

Information

Published : 2019-10-23 16:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-11282

Mitre link : CVE-2019-11282

CVE.ORG link : CVE-2019-11282


JSON object : View

Products Affected

pivotal_software

  • cloud_foundry_uaa

cloudfoundry

  • cf-deployment
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor