CVE-2024-38806

Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation  v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 ,
 potentially resulting in users retaining access rights they should not 
have.  This can allow them to perform operations beyond their intended 
permissions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.9 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
vmwareCNA
3.9 LOW
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Common Weakness Enumeration
References
https://www.cloudfoundry.org/blog/cve-2024-38806-uaa-failure-to-remove-shadow-users-access
https://www.cloudfoundry.org/blog/cve-2024-38806-uaa-failure-to-remove-shadow-users-access