CVE-2026-22723
- EPSS 0.05%
- Veröffentlicht 05.03.2026 20:40:27
- Zuletzt bearbeitet 17.03.2026 18:35:29
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.
CVE-2025-22246
- EPSS 0.19%
- Veröffentlicht 13.05.2025 05:14:40
- Zuletzt bearbeitet 11.07.2025 15:50:39
Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.
CVE-2025-22216
- EPSS 0.15%
- Veröffentlicht 31.01.2025 06:15:30
- Zuletzt bearbeitet 31.01.2025 18:15:38
A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones.
CVE-2024-38806
- EPSS 0.03%
- Veröffentlicht 18.07.2024 19:15:12
- Zuletzt bearbeitet 21.11.2024 09:26:50
Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users retaining access rights they should not have. This...