cvedb.io
CVE-2019-3798
MEDIUM · CVSS 6
EPSS exploitation probability: 0%
Published 2019-04-17T14:29:03.590 · Last modified 2026-06-17T02:35:36.753

Summary

Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim.

Affected products

cloudfoundry — capi-release

Does this affect you?

Add your gear to cvedb and we'll alert you only when cloudfoundry ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.