{"id":"CVE-2019-3794","details":"Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.","modified":"2026-04-10T04:18:05.164158Z","published":"2019-07-18T16:15:12.530Z","references":[{"type":"ADVISORY","url":"https://www.cloudfoundry.org/blog/cve-2019-3794"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/uaa-release","events":[{"introduced":"0"},{"fixed":"9040931f8c2a2754a5b585ad8900e27612245bda"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"73.4.0"}]}}],"versions":["ci-upgrade","v10","v11","v12","v12.3","v14","v15","v16","v17","v18","v19","v2","v20","v21","v22","v23","v24","v25","v26","v27","v3","v31","v53","v55","v56","v57","v58","v59","v6","v60","v61.0","v62.0","v63.0","v64.0","v66.0","v67.0","v68.0","v69.0","v7","v70.0","v71.0","v72.0","v73.0.0","v73.3.0","v8","v9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3794.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}]}