CVE-2024-38806

Published Jul 18, 2024

Last updated 4 months ago

CVSS low 3.9

Overview

Description
Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users retaining access rights they should not have. This can allow them to perform operations beyond their intended permissions.
Source
security@vmware.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
3.9
Impact score
3.4
Exploitability score
0.5
Vector string
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Severity
LOW

Weaknesses

security@vmware.com
CWE-440

Social media

Hype score
Not currently trending

References