CVE-2024-38806
LOWDescription
Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users retaining access rights they should not have. This can allow them to perform operations beyond their intended permissions.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-38806? +
How severe is CVE-2024-38806? +
How do I check if I'm vulnerable to CVE-2024-38806? +
Related Vulnerabilities
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. …
In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows …
Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this …
A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing …
An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved …
Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions.