Security Advisory

CVE-2018-11041: UAA open redirect

Severity

High

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • You are using uaa versions later than 4.6.0 and prior to 4.19.0, except 4.10.1 and 4.7.5
  • You are using uaa-release versions later than v48 and prior to v60, except v57.3, v55.1 and v52.9

Description

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 (except 4.12.3, 4.10.1 and 4.7.5) and uaa-release versions later than v48 and prior to v60 (except v57.3, v55.1 and v52.9), does not validate the redirect URL value of a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, redirects the user to an arbitrary website after a successful login attempt.
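The defensive check such a login page needs is to accept the post-login form parameter only when it names a path inside the application itself. The following is an added example, not UAA's own code; the application origin, the parameter name and the constructed test values are assumptions.

```python
"""Restrict a post-login redirect parameter to internal targets.

Added example (not UAA's code): an open redirect arises when a form
parameter meant for internal navigation is used as a redirect target
without validation, so any absolute URL an attacker places in a link
is followed after login.
"""
from urllib.parse import urljoin, urlsplit

# Assumed application origin; in a real deployment this comes from config.
APP_ORIGIN = "https://uaa.example.com"
DEFAULT_TARGET = "/"


def is_safe_internal_redirect(candidate: str, app_origin: str = APP_ORIGIN) -> bool:
    """Return True only if `candidate` is a same-origin, path-only target."""
    if not candidate:
        return False
    # Control characters (tab, newline, ...) are stripped or ignored by
    # browsers and URL parsers in inconsistent ways; refuse them outright.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return False
    # Browsers treat "\" like "/" in special schemes ("/\host" -> "//host").
    if "\\" in candidate:
        return False
    # Require exactly one leading slash on the raw string: "//host" and
    # "///host" both resolve to another host in browsers, while Python's
    # urlsplit/urljoin normalise "///host" to a local path.
    if candidate[0] != "/" or (len(candidate) > 1 and candidate[1] == "/"):
        return False
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return False
    # Defence in depth: resolve against the app origin and compare origins.
    resolved = urlsplit(urljoin(app_origin + "/", candidate))
    base = urlsplit(app_origin)
    return (resolved.scheme, resolved.netloc) == (base.scheme, base.netloc)


def choose_redirect(candidate: str, app_origin: str = APP_ORIGIN,
                    default: str = DEFAULT_TARGET) -> str:
    """Target to redirect to after login: the parameter if safe, else default."""
    return candidate if is_safe_internal_redirect(candidate, app_origin) else default


if __name__ == "__main__":
    # Constructed sample values a login handler might receive.
    for value in ["/oauth/authorize?client_id=app", "//attacker.example/",
                  "///attacker.example/", "/\\attacker.example", "https://attacker.example/"]:
        print(f"{value!r:40} -> {choose_redirect(value)}")
```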

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • uaa versions 4.19.0, 4.12.3, 4.10.1, 4.7.5
    • uaa-release versions v60, v57.3, v55.1, v52.9

Credit

This issue was responsibly reported by SAP.

History

2018-06-21: Initial vulnerability report published.

2018-07-20: Added patch versions for 4.12 / v57.

Author: Cloud Foundry Foundation Security Team