In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent to UAA server.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/blog/cve-2021-22001-sensitive-info-leakage-in-uaa-during-identity-provider-deletion/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
04 Aug 2021, 16:14
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (MISC) https://www.cloudfoundry.org/blog/cve-2021-22001-sensitive-info-leakage-in-uaa-during-identity-provider-deletion/ - Vendor Advisory | |
CPE | cpe:2.3:a:cloudfoundry:user_account_and_authentication:*:*:*:*:*:*:*:* cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo |
22 Jul 2021, 14:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-22 14:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-22001
Mitre link : CVE-2021-22001
CVE.ORG link : CVE-2021-22001
JSON object : View
Products Affected
cloudfoundry
- user_account_and_authentication
- cf-deployment
CWE