CVE-2019-11278

CVE-2019-11278

CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with ‘client.write’ and ‘groups.update’ can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have.

Source: CVE-2019-11278

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다