org.cloudfoundry.identity:cloudfoundry-identity-server
Maven · 21 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.cloudfoundry.identity:cloudfoundry-identity-server (page 1 of 1)
- CVE-2015-3189 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 2.2.5 | 2017-05-25
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current emai…
- CVE-2015-5170 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.5.2 | 2017-10-24
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary…
- CVE-2015-5171 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.5.2 | 2017-10-24
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allows attackers to have unspecified impact by leveraging failure to expire exi…
- CVE-2015-5172 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.5.2 | 2017-10-24
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
- CVE-2016-3084 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 3.3.0.1 | 2017-05-25
vulnerable: 3.0.0 ... 3.3.0 (6 versions)
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2…
- CVE-2016-5016 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 3.4.2 | 2017-04-24
vulnerable: 3.4.0
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x bef…
- CVE-2016-6637 | CRITICAL | CVSS 9.6 | EG 9.6 | ✓ Fixed in 3.7.0 | 2016-09-30
vulnerable: 3.5.0, 3.6.0
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6…
- CVE-2017-4960 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 3.9.8 | 2017-03-10
vulnerable: 3.0.0 ... 3.9.1 (23 versions)
An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.
- CVE-2017-4973 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 3.15.0 | 2017-06-13
vulnerable: 3.10.0, 3.12.0, 3.13.0
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and U…
- CVE-2017-4974 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 3.16.0 | 2017-06-13
vulnerable: 3.10.0, 3.12.0, 3.13.0, 3.15.0
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and U…
- CVE-2017-4991 | HIGH | CVSS 7.2 | EG 7.2 | ✓ Fixed in 3.17.0 | 2017-06-13
vulnerable: 3.10.0, 3.12.0, 3.13.0, 3.15.0, 3.16.0
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and …
- CVE-2017-4992 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 4.2.0 | 2017-06-13
vulnerable: 3.10.0 ... 4.1.0 (9 versions)
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and U…
- CVE-2017-8031 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 3.20.1 | 2017-11-27
vulnerable: 3.0.0 ... 3.9.1 (31 versions)
An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated use…
- CVE-2017-8032 | MEDIUM | CVSS 6.6 | EG 6.6 | ✓ Fixed in 4.4.0 | 2017-07-10
vulnerable: 4.1.0, 4.2.0, 4.3.0
In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bos…
- CVE-2018-11041 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 4.19.0 | 2018-06-25
vulnerable: 4.13.0 ... 4.18.0 (9 versions)
Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for in…
- CVE-2018-11047 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 4.19.2 | 2018-07-24
vulnerable: 4.13.0 ... 4.19.0 (10 versions)
Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu…
- CVE-2018-1190 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 3.20.2 | 2018-01-04
vulnerable: 3.0.0 ... 3.9.1 (31 versions)
An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XS…
- CVE-2018-1192 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 4.8.3 | 2018-02-01
vulnerable: 4.8.0, 4.8.2
In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior…
- CVE-2018-1262 | HIGH | CVSS 7.2 | EG 7.2 | ✓ Fixed in 4.13.4 | 2018-05-15
vulnerable: 4.13.0, 4.13.1, 4.13.3
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue…
- CVE-2018-15761 | CRITICAL | CVSS 9.9 | EG 9.9 | ✓ Fixed in 4.23.0 | 2018-11-19
vulnerable: 3.0.0 ... 4.9.0 (75 versions)
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain …
- CVE-2026-22723 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 78.8.0 | 2026-03-05
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.