Description

Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longer expiration time than access tokens, allowing the possessor of a refresh token to authenticate longer than expected. This affects the administrative endpoints of the UAA. i.e. /Users, /Groups, etc. However, if the user has been deleted or had groups removed, or the client was deleted, the refresh token will no longer be valid.

Remediation

References

https://www.cloudfoundry.org/blog/cve-2018-11047/

Related Vulnerabilities

CVE-2023-25164 Vulnerability in npm package @tinacms/cli

CVE-2023-33002 Vulnerability in maven package org.jenkins-ci.plugins:testcomplete

CVE-2023-6394 Vulnerability in maven package io.quarkus:quarkus-smallrye-graphql

CVE-2022-36907 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer

CVE-2022-41966 Vulnerability in maven package com.thoughtworks.xstream:xstream

Severity

High

Classification

CWE-863 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Mitigation Vendor Advisory