CVE-2019-3788 Mappings

Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect URI. If a UAA client was configured with a wildcard in the redirect URI's subdomain, a remote, unauthenticated malicious user can craft a phishing link to get a UAA access code from the victim.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| CVE-2019-3788 | UAA Release (OSS) | secondary_impact | T1036 | Masquerading |
| CVE-2019-3788 | UAA Release (OSS) | exploitation_technique | T1566.002 | Spearphishing Link |