GCVE - cpe:2.3:a:cloudfoundry:uaa_release:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cloudfoundry:uaa_release:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Cloudfoundry (`3aa6768c-437d-5100-a420-b037598cadb4`)
Product	Uaa Release (`71bd94fc-ce79-5a20-bf80-92e305665999`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/cloudfoundry/uaa-release`	purl2cpe	2026-06-01 10:12:04.878702

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-22246`	vulnerable	2026-06-03 14:59:39.383461	CVE-2025-22246 – UAA Private Key Exposure LOW (3) Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs. Published: 2025-05-13T05:14:40.968Z Updated: 2025-05-13T13:49:09.193Z Open on db.gcve.eu Reference links https://www.cloudfoundry.org/blog/cve-2025-22246-uaa-private-key-exposure/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3801`	vulnerable	2026-06-03 14:40:27.548363	Java Projects using HTTP to fetch dependencies HIGH (8.7) Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component. Published: 2019-04-25T20:17:37.272Z Updated: 2024-09-17T02:56:41.904Z Open on db.gcve.eu Reference links https://www.cloudfoundry.org/blog/cve-2019-3801 http://www.securityfocus.com/bid/108104	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3788`	vulnerable	2026-06-03 14:40:27.466892	UAA redirect-uri allows wildcard in the subdomain HIGH (8.7) Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim. Published: 2019-04-25T20:17:37.233Z Updated: 2024-09-16T22:02:12.371Z Open on db.gcve.eu Reference links https://www.cloudfoundry.org/blog/cve-2019-3788	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3775`	vulnerable	2026-06-03 14:40:27.443661	UAA allows users to modify their own email address HIGH (7.1) Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user. Published: 2019-03-07T19:00:00.000Z Updated: 2024-09-16T22:31:19.423Z Open on db.gcve.eu Reference links https://www.cloudfoundry.org/blog/cve-2019-3775	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11279`	vulnerable	2026-06-03 14:39:32.619915	Privilege Escalation via Scope Manipulation in UAA HIGH (8.7) CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls. Published: 2019-09-26T21:15:10.245Z Updated: 2024-09-17T02:36:57.958Z Open on db.gcve.eu Reference links https://www.cloudfoundry.org/blog/cve-2019-11279	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.