Authorization Logic Error in Cloud Foundry UAA Allows Token Hijacking Across Identity Providers
CVE-2018-15754 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.
Learn more about our User Device Pen Test.