CVE-2017-4973
HIGH8.8EPSS 0.30%Cloud Foundry UAA Privilege Escalation
Published: 5/13/2022Modified: 3/1/2024
Description
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. A vulnerability has been identified with the groups endpoint in UAA allowing users to elevate their privileges.
Affected packages (1)
- Maven/org.cloudfoundry.identity:cloudfoundry-identity-server>= 2.0.0, < 2.7.4.14
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (11)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-4973
- PATCHhttps://github.com/cloudfoundry/uaa
- WEBhttps://github.com/cloudfoundry/uaa/commit/0762cc768592abc4fb1c6afd9974ea6fb964f0f2
- WEBhttps://github.com/cloudfoundry/uaa/commit/18cf22ba9177f1124f85f99651b474b48f12cd28
- WEBhttps://github.com/cloudfoundry/uaa/commit/24bc5ade80560cedb9300940d2b398163ab0dc6
- WEBhttps://github.com/cloudfoundry/uaa/commit/24c270ce725df890727b2bd7d8a4f338a3a58b7
- WEBhttps://github.com/cloudfoundry/uaa/commit/3c456f0285e92713a0a9ce54c3e57d8636b9183c
- WEBhttps://github.com/cloudfoundry/uaa/commit/52acfabd11c3c77c2a3f5229b32f56de0e8d26ad
- WEBhttps://github.com/cloudfoundry/uaa/commit/5eb43757d5a3a2c9e7aae1ef3d0b9b7e2a38851e
- WEBhttps://github.com/cloudfoundry/uaa/commit/9d44cb0c7c25ccae95bfa1c2d59ce46200c643cb
- WEBhttps://www.cloudfoundry.org/cve-2017-4973