Uaa Release

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-22723 MEDIUM PATCH This Month

Cloudfoundry UAA versions 77.30.0 through 78.7.0 and Cloudfoundry Deployment versions 48.7.0 through 54.10.0 contain a logic error in the token revocation endpoint that allows authenticated users to inadvertently revoke tokens belonging to other users. An attacker with valid credentials could exploit this flaw to disrupt service availability by invalidating legitimate user sessions without authorization.

Information Disclosure Uaa Release Cf Deployment
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-22246 LOW Monitor

Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs. Rated low severity (CVSS 3.0). No vendor patch available.

Information Disclosure Cf Deployment Uaa Release
NVD
CVSS 3.1
3.0
EPSS
0.2%
CVE-2026-22723
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Cloudfoundry UAA versions 77.30.0 through 78.7.0 and Cloudfoundry Deployment versions 48.7.0 through 54.10.0 contain a logic error in the token revocation endpoint that allows authenticated users to inadvertently revoke tokens belonging to other users. An attacker with valid credentials could exploit this flaw to disrupt service availability by invalidating legitimate user sessions without authorization.

Information Disclosure Uaa Release Cf Deployment
NVD
CVE-2025-22246
EPSS 0% CVSS 3.0
LOW Monitor

Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs. Rated low severity (CVSS 3.0). No vendor patch available.

Information Disclosure Cf Deployment Uaa Release
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy