CVE-2019-3794

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-3794

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3794.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-3794

Published

2019-07-18T16:15:12.530Z

Modified

2025-11-14T09:48:13.256588Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.

References

https://www.cloudfoundry.org/blog/cve-2019-3794

Affected packages

Git / github.com/cloudfoundry/uaa-release

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/uaa-release
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9040931f8c2a2754a5b585ad8900e27612245bda

Affected versions

Other

ci-upgrade

v10

v11

v12

v13

v14

v15

v16

v17

v18

v19

v20

v21

v22

v23

v24

v25

v26

v27

v28

v30

v31

v33

v39

v40

v41

v43

v44

v45

v50

v51

v52

v53

v54

v55

v56

v57

v58

v59

v60

v11.*

v11.1

v11.2

v11.3

v12.*

v12.1

v12.2

v12.3

v30.*

v30.1

v61.*

v61.0

v62.*

v62.0

v63.*

v63.0

v64.*

v64.0

v66.*

v66.0

v67.*

v67.0

v68.*

v68.0

v69.*

v69.0

v70.*

v70.0

v71.*

v71.0

v72.*

v72.0

v73.*

v73.0.0

v73.3.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3794.json"