CVE-2019-3798

Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim.

Published: 2019-04-17 14:29
Updated: 2019-10-09 23:49

CVSS Score: 6.0 / 10

Vendor Product Version URI
Cloudfoundry Capi-release 1.7.0 cpe:/a:cloudfoundry:capi-release:1.7.0
Cloudfoundry Capi-release 1.8.0 cpe:/a:cloudfoundry:capi-release:1.8.0
Cloudfoundry Capi-release 1.9.0 cpe:/a:cloudfoundry:capi-release:1.9.0
Cloudfoundry Capi-release 1.10.0 cpe:/a:cloudfoundry:capi-release:1.10.0
Cloudfoundry Capi-release 1.11.0 cpe:/a:cloudfoundry:capi-release:1.11.0
Cloudfoundry Capi-release 1.12.0 cpe:/a:cloudfoundry:capi-release:1.12.0
Cloudfoundry Capi-release 1.13.0 cpe:/a:cloudfoundry:capi-release:1.13.0
Cloudfoundry Capi-release 1.14.0 cpe:/a:cloudfoundry:capi-release:1.14.0
Cloudfoundry Capi-release 1.15.0 cpe:/a:cloudfoundry:capi-release:1.15.0
Cloudfoundry Capi-release 1.16.0 cpe:/a:cloudfoundry:capi-release:1.16.0
Cloudfoundry Capi-release 1.17.0 cpe:/a:cloudfoundry:capi-release:1.17.0
Cloudfoundry Capi-release 1.18.0 cpe:/a:cloudfoundry:capi-release:1.18.0
Cloudfoundry Capi-release 1.19.0 cpe:/a:cloudfoundry:capi-release:1.19.0
Cloudfoundry Capi-release 1.20.0 cpe:/a:cloudfoundry:capi-release:1.20.0
Cloudfoundry Capi-release 1.21.0 cpe:/a:cloudfoundry:capi-release:1.21.0
Cloudfoundry Capi-release 1.22.0 cpe:/a:cloudfoundry:capi-release:1.22.0
Cloudfoundry Capi-release 1.23.0 cpe:/a:cloudfoundry:capi-release:1.23.0
Cloudfoundry Capi-release 1.24.0 cpe:/a:cloudfoundry:capi-release:1.24.0
Cloudfoundry Capi-release 1.25.0 cpe:/a:cloudfoundry:capi-release:1.25.0
Cloudfoundry Capi-release 1.26.0 cpe:/a:cloudfoundry:capi-release:1.26.0
Cloudfoundry Capi-release 1.27.0 cpe:/a:cloudfoundry:capi-release:1.27.0
Cloudfoundry Capi-release 1.28.0 cpe:/a:cloudfoundry:capi-release:1.28.0
Cloudfoundry Capi-release 1.29.0 cpe:/a:cloudfoundry:capi-release:1.29.0
Cloudfoundry Capi-release 1.30.0 cpe:/a:cloudfoundry:capi-release:1.30.0
Cloudfoundry Capi-release 1.31.0 cpe:/a:cloudfoundry:capi-release:1.31.0
Cloudfoundry Capi-release 1.32.0 cpe:/a:cloudfoundry:capi-release:1.32.0
Cloudfoundry Capi-release 1.33.0 cpe:/a:cloudfoundry:capi-release:1.33.0
Cloudfoundry Capi-release 1.34.0 cpe:/a:cloudfoundry:capi-release:1.34.0
Cloudfoundry Capi-release 1.35.0 cpe:/a:cloudfoundry:capi-release:1.35.0
Cloudfoundry Capi-release 1.36.0 cpe:/a:cloudfoundry:capi-release:1.36.0
Cloudfoundry Capi-release 1.37.0 cpe:/a:cloudfoundry:capi-release:1.37.0
Cloudfoundry Capi-release 1.0.0 cpe:/a:cloudfoundry:capi-release:1.0.0
Cloudfoundry Capi-release 1.1.0 cpe:/a:cloudfoundry:capi-release:1.1.0
Cloudfoundry Capi-release 1.2.0 cpe:/a:cloudfoundry:capi-release:1.2.0
Cloudfoundry Capi-release 1.3.0 cpe:/a:cloudfoundry:capi-release:1.3.0
Cloudfoundry Capi-release 1.4.0 cpe:/a:cloudfoundry:capi-release:1.4.0
Cloudfoundry Capi-release 1.5.0 cpe:/a:cloudfoundry:capi-release:1.5.0
Cloudfoundry Capi-release 1.6.0 cpe:/a:cloudfoundry:capi-release:1.6.0
Cloudfoundry Capi-release 1.38.0 cpe:/a:cloudfoundry:capi-release:1.38.0
Cloudfoundry Capi-release 1.39.0 cpe:/a:cloudfoundry:capi-release:1.39.0
Cloudfoundry Capi-release 1.40.0 cpe:/a:cloudfoundry:capi-release:1.40.0
Cloudfoundry Capi-release 1.41.0 cpe:/a:cloudfoundry:capi-release:1.41.0
Cloudfoundry Capi-release 1.42.0 cpe:/a:cloudfoundry:capi-release:1.42.0
Cloudfoundry Capi-release 1.43.0 cpe:/a:cloudfoundry:capi-release:1.43.0
Cloudfoundry Capi-release 1.44.0 cpe:/a:cloudfoundry:capi-release:1.44.0
Cloudfoundry Capi-release 1.45.0 cpe:/a:cloudfoundry:capi-release:1.45.0
Cloudfoundry Capi-release 1.46.0 cpe:/a:cloudfoundry:capi-release:1.46.0
Cloudfoundry Capi-release 1.47.0 cpe:/a:cloudfoundry:capi-release:1.47.0
Cloudfoundry Capi-release 1.48.0 cpe:/a:cloudfoundry:capi-release:1.48.0
Cloudfoundry Capi-release 1.49.0 cpe:/a:cloudfoundry:capi-release:1.49.0
Cloudfoundry Capi-release 1.50.0 cpe:/a:cloudfoundry:capi-release:1.50.0
Cloudfoundry Capi-release 1.51.0 cpe:/a:cloudfoundry:capi-release:1.51.0
Cloudfoundry Capi-release 1.52.0 cpe:/a:cloudfoundry:capi-release:1.52.0
Cloudfoundry Capi-release 1.53.0 cpe:/a:cloudfoundry:capi-release:1.53.0
Cloudfoundry Capi-release 1.54.0 cpe:/a:cloudfoundry:capi-release:1.54.0
Cloudfoundry Capi-release 1.55.0 cpe:/a:cloudfoundry:capi-release:1.55.0
Cloudfoundry Capi-release 1.56.0 cpe:/a:cloudfoundry:capi-release:1.56.0
Cloudfoundry Capi-release 1.57.0 cpe:/a:cloudfoundry:capi-release:1.57.0
Cloudfoundry Capi-release 1.58.0 cpe:/a:cloudfoundry:capi-release:1.58.0
Cloudfoundry Capi-release 1.59.0 cpe:/a:cloudfoundry:capi-release:1.59.0
Cloudfoundry Capi-release 1.60.0 cpe:/a:cloudfoundry:capi-release:1.60.0
Cloudfoundry Capi-release 1.61.0 cpe:/a:cloudfoundry:capi-release:1.61.0
Cloudfoundry Capi-release 1.62.0 cpe:/a:cloudfoundry:capi-release:1.62.0
Cloudfoundry Capi-release 1.63.0 cpe:/a:cloudfoundry:capi-release:1.63.0
Cloudfoundry Capi-release 1.64.0 cpe:/a:cloudfoundry:capi-release:1.64.0
Cloudfoundry Capi-release 1.65.0 cpe:/a:cloudfoundry:capi-release:1.65.0
Cloudfoundry Capi-release 1.66.0 cpe:/a:cloudfoundry:capi-release:1.66.0
Cloudfoundry Capi-release 1.67.0 cpe:/a:cloudfoundry:capi-release:1.67.0
Cloudfoundry Capi-release 1.68.0 cpe:/a:cloudfoundry:capi-release:1.68.0
Cloudfoundry Capi-release 1.69.0 cpe:/a:cloudfoundry:capi-release:1.69.0
Cloudfoundry Capi-release 1.70.0 cpe:/a:cloudfoundry:capi-release:1.70.0
Cloudfoundry Capi-release 1.71.0 cpe:/a:cloudfoundry:capi-release:1.71.0
Cloudfoundry Capi-release 1.72.0 cpe:/a:cloudfoundry:capi-release:1.72.0
Cloudfoundry Capi-release 1.73.0 cpe:/a:cloudfoundry:capi-release:1.73.0
Cloudfoundry Capi-release 1.74.0 cpe:/a:cloudfoundry:capi-release:1.74.0
Cloudfoundry Capi-release 1.75.0 cpe:/a:cloudfoundry:capi-release:1.75.0
Cloudfoundry Capi-release 1.76.0 cpe:/a:cloudfoundry:capi-release:1.76.0
Cloudfoundry Capi-release 1.77.0 cpe:/a:cloudfoundry:capi-release:1.77.0
Cloudfoundry Capi-release 1.78.0 cpe:/a:cloudfoundry:capi-release:1.78.0

CWE

ID: CWE-287
Name: Improper Authentication
Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

History of changes

Date Event
2019-10-09 23:49
2019-05-02 17:53
2019-04-29 20:29
2019-04-17 16:29
2019-04-17 14:29 New CVE