CVE-2018-15761

High

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for…

dell·NVD-CWE-noinfo·Published 2018-11-19

CVSS

8.8

EPSS

0.02

KEV

Exploits

cve.orgen

301 chars

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.

NVDen

301 chars

OSV.deven

301 chars

GHSAen

301 chars

NVDes

354 chars

Cloud Foundry UAA release, en versiones anteriores a la v64.0, y UAA, en versiones anteriores a la 4.23.0, contiene un error de validación que permite el escalado de privilegios. Un usuario autenticado remoto podría modificar la URL y el contenido de una página de consentimiento para obtener un token con alcances arbitrarios que escala sus privilegios.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.0	Primary	cve.org	9.9	—	—	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
3.0	Primary	cve.org	9.9	—	—	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
3.0	Primary	NVD	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.0	Secondary	NVD	9.9	3.1	6.0	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
3.1	Secondary	GHSA	8.8	—	—	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H