Security Advisory

CVE-2019-11278

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-09-26 21:11:24

Last updated 2024-09-16 23:51:53

Assigner pivotal

State PUBLISHED

Description

CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with client.write and groups.update can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have.

← Browse all CVEs View on cve.org ↗