CVE-2019-3788
HIGH
Cloud Foundry UAA Release < 71.0 - Unauthenticated Open Redirect via Wildcard Subdomain
Title source: llm
Description
Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect URI. Given a UAA client was configured with a wildcard in the redirect URI's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.
References (1)
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2019-3788
Scores
CVSS v3: 8.7
EPSS: 0.0083
EPSS Percentile: 52.8%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Details
CWE: CWE-601
Status: published
Products (1)
cloudfoundry/uaa_release: < 71.0
Published: Apr 25, 2019
Tracked Since: Feb 18, 2026