CVE-2017-4974: Blind SQL Injection with privileged UAA endpoints


Molly Crowther
 

CF devs,

Please see the following public link for information about a high CVE in
UAA. This is a continuation of work that was originally released as part of
CVE-2017-4972 <https://www.cloudfoundry.org/cve-2017-4972/>. It's
essentially the same attack but on some endpoints that require more
privileges.

https://www.cloudfoundry.org/cve-2017-4974

Friendly reminder that you can subscribe to new Cloud Foundry security
issues at: https://www.cloudfoundry.org/category/security/feed/

Please let me know if you have any questions or concerns.

Thanks,
Molly Crowther
Cloud Foundry Foundation Security Team
