Security Advisory

CVE-2019-11279

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-09-26 21:15:10

Last updated 2024-09-17 02:36:57

Assigner pivotal

State PUBLISHED

Description

CF UAA versions prior to 74.1.0 can request scopes for a client that shouldnt be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.

← Browse all CVEs View on cve.org ↗