

Cloud Foundry disclosed a privilege escalation flaw in UAA software

The open-source DevOps platform Cloud Foundry has fixed a bug that affects its User Account and Authentication (UAA) server software.

Cloud Foundry has disclosed a vulnerability, tracked as CVE-2017-8032, in its UAA server software. The flaw, rated by the organization as high-severity, could be exploited by zone administrators to escalate their privileges when mapping permissions for an external provider.

UAA is the Cloud Foundry identity management service; it implements the OAuth2 authentication protocol.


CVE-2017-8032 was patched in an update last week, and Cloud Foundry published the detailed advisory on June 12.

“In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12, 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider,” reads the description published by MITRE.

The vulnerability affects cf-release versions prior to v264 and the following UAA versions:

  • UAA release:
    • All versions of UAA v2.x.x
    • 3.6.x versions prior to v3.6.13
    • 3.9.x versions prior to v3.9.15
    • 3.20.x versions prior to v3.20.0
    • Other versions prior to v4.4.0
  • UAA bosh release (uaa-release):
    • 13.x versions prior to v13.17
    • 24.x versions prior to v24.12
    • 30.x versions prior to 30.5
    • Other versions prior to v41

The Cloud Foundry security advisory highlights that a foundation is vulnerable only if all of the following conditions are satisfied:

  • You are using multiple zones in UAA
  • You are giving out admin privileges for managing external providers (LDAP/SAML/OIDC) and corresponding group mappings
  • You have enabled LDAP/SAML/OIDC providers and external group mappings

Cloud Foundry suggests making at least one of these conditions false to mitigate the threat; revising any of these settings serves as a temporary mitigation until the patch is applied.
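An added example (not code from Cloud Foundry or the advisory) that encodes the affected version ranges and the three preconditions listed above, so an operator can check whether a given cf-release, UAA or uaa-release version is in scope and whether a foundation is actually exposed. The product names and the function names are assumptions made for this example.

```python
# Added example: is a given version affected by CVE-2017-8032, and is the
# foundation exposed given the advisory's three preconditions?
from typing import Optional, Tuple

Version = Tuple[int, ...]

def parse_version(v: str) -> Version:
    """'v3.6.12' -> (3, 6, 12); tolerates a leading 'v' and short versions."""
    return tuple(int(p) for p in v.strip().lstrip("vV").split("."))

# Per product: (branch prefix, first fixed version). A branch of None is the
# advisory's catch-all "other versions prior to ..." entry; a fixed version of
# None means the whole branch is affected (UAA v2.x.x). Ranges copied from the
# advisory text; the product keys are this example's own naming.
AFFECTED = {
    "cf-release": [(None, (264,))],
    "uaa": [((2,), None), ((3, 6), (3, 6, 13)), ((3, 9), (3, 9, 15)),
            ((3, 20), (3, 20, 0)), (None, (4, 4, 0))],
    "uaa-release": [((13,), (13, 17)), ((24,), (24, 12)),
                    ((30,), (30, 5)), (None, (41,))],
}

def is_affected_version(product: str, version: str) -> bool:
    ver = parse_version(version)
    catch_all: Optional[Version] = None
    for branch, fixed in AFFECTED[product]:
        if branch is None:
            catch_all = fixed
            continue
        if ver[:len(branch)] == branch:
            # On a named branch: affected if the branch has no fix at all,
            # or if this version predates the branch's fix.
            return fixed is None or ver < fixed
    # Not on a named branch: fall back to the catch-all threshold.
    return catch_all is not None and ver < catch_all

def foundation_exposed(product: str, version: str, multiple_zones: bool,
                       zone_admins_manage_providers: bool,
                       external_mappings_enabled: bool) -> bool:
    """Per the advisory, exploitable only if the version is affected AND
    all three deployment conditions hold; falsifying any one mitigates."""
    return (is_affected_version(product, version) and multiple_zones
            and zone_admins_manage_providers and external_mappings_enabled)

if __name__ == "__main__":
    # Constructed sample: a 3.9.x UAA one patch level behind the fix.
    print(foundation_exposed("uaa", "v3.9.14", True, True, True))   # True
    print(foundation_exposed("uaa", "v3.9.14", True, True, False))  # False
```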

The advisory links to the upgrade instructions: Cloud Foundry users should move to cf-release version 264 or later, while standalone UAA users have to install the 3.x.x series.


Pierluigi Paganini 

(Security Affairs – Cloud Foundry, User Account and Authentication)
