CVE-2019-3788— UAA redirect-uri allows wildcard in the subdomain
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-3788
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
UAA redirect-uri allows wildcard in the subdomain
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cloud Foundry UAA 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cloud Foundry UAA是一款应用于CloudFoundry云平台的身份验证和管理服务终端。 Cloud Foundry UAA Release 71.0之前版本中存在安全漏洞。远程攻击者可通过构造钓鱼链接利用该漏洞获取UAA的访问码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cloud Foundry | UAA Release (OSS) | All ~ v71.0 | - | |
| Pivotal | Pivotal Application Service | 2.5 ~ 2.5.1 | - |
II. Public POCs for CVE-2019-3788
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-3788
请登录查看更多情报信息。
- https://www.cloudfoundry.org/blog/cve-2019-3788x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2019-3788
IV. Related Vulnerabilities
Same weakness: CWE-601
- CVE-2026-42350
Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Qu - CVE-2026-42195
Unvalidated gitlab URL parameter redirects OAuth authorize s - CVE-2026-3318
Multiple vulnerabilities in Cradle e-commerce - CVE-2026-42259
Saltcorn: Open Redirect in `POST /auth/login` due to incompl - CVE-2026-6795
Open Redirect in DivvyDrive Information Technologies' DivvyD
V. Comments for CVE-2019-3788
No comments yet