Products
Cloud Foundry Foundation
- v40.17.0
Source
security@vmware.com
Tags
CVE-2024-38806 details
Published : July 18, 2024, 7:15 p.m.
Last Modified : July 18, 2024, 7:15 p.m.
Last Modified : July 18, 2024, 7:15 p.m.
Description
Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users retaining access rights they should not have. This can allow them to perform operations beyond their intended permissions.
CVSS Score
| 1 | 2 | 3.9 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-440 | Expected Behavior Violation | A feature, API, or function does not perform according to its specification. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
Base Score
3.9
Exploitability Score
0.5
Impact Score
3.4
Base Severity
LOW
Vector String : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
References
| URL | Source |
|---|---|
| https://www.cloudfoundry.org/blog/cve-2024-38806-uaa-failure-to-remove-shadow-users-access | security@vmware.com |
This website uses the NVD API, but is not approved or certified by it.