2019-08-05 16:21:54
pivotal
PUBLISHED
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the clients.write authority or scope can bypass the restrictions imposed on clients created via clients.write and create clients with arbitrary scopes that the creator does not possess.