CVE-2019-11279

CVE-2019-11279

CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn’t be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.

Source: CVE-2019-11279

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다