Severity
Critical
Vendor
Cloud Foundry Foundation
Description
Cloud Foundry UAA versions prior to 74.7.0 contain a dependency on a vulnerable version of FasterXML jackson-databind. The issues are tracked as CVE-2019-17531, CVE-2019-14379, CVE-2019-16942, CVE-2019-14540, CVE-2019-17267, CVE-2019-16335, and CVE-2019-16943.
Affected Cloud Foundry Products and Versions
- CF Deployment
  - All versions prior to v12.7.0
- UAA
  - All versions prior to v74.7.0

Mitigation
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
- CF Deployment
  - Upgrade all versions to v12.6.0 or greater
- UAA
  - Upgrade all versions to v74.6.0 or greater

History
2019-11-06: Initial vulnerability report published.