CVE-2021-22001
HIGH
Cloudfoundry Cf-deployment < 16.18.0 - Information Disclosure
Title source: ruleDescription
In UAA versions prior to 75.3.0, sensitive information such as the relaying secret of the provider was revealed in the response when a deletion request for an identity provider (IdP) of type “oauth 1.0” was sent to the UAA server.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://www.cloudfoundry.org/blog/cve-2021-22001-sensitive-info-leakage-in-uaa-during-identity-provider-deletion/
Scores
CVSS v3
7.5
EPSS
0.0099
EPSS Percentile
58.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
cloudfoundry/cf-deployment
< 16.18.0
cloudfoundry/user_account_and_authentication
< 75.3.0
Published
Jul 22, 2021
Tracked Since
Feb 18, 2026