cve/2019/CVE-2019-11268.md

### [CVE-2019-11268](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11268)
![](https://img.shields.io/static/v1?label=Product&message=UAA%20Release%20(OSS)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Information%20Exposure&color=brighgreen)

### Description

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/alphaSeclab/sec-daily-2019
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-11268](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11268)`
			`![](https://img.shields.io/static/v1?label=Product&message=UAA%20Release%20(OSS)&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Information%20Exposure&color=brighgreen)`

			`### Description`

			`Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/alphaSeclab/sec-daily-2019`