Lucene search
DellCVELIST:CVE-2015-3191HistoryMay 25, 2017 - 5:00 p.m.
CVE-2015-3191
2017-05-2517:00:00
dell
www.cve.org
3
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
CNA Affected
[
{
"product": "Cloud Foundry",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "Runtime cf-release versions v209 or earlier"
},
{
"status": "affected",
"version": "UAA Standalone versions 2.2.6 or earlier"
},
{
"status": "affected",
"version": "Runtime 1.4.5 or earlier"
}
]
}
]References
Related
cloudfoundry
cloudfoundry
CVE-2015-3191 - CSRF attack on change email | Cloud Foundry
2015-06-25 00:00:00
prion
prion
Cross site request forgery (csrf)
2017-05-25 17:29:00
cve
cve
CVE-2015-3191
2017-05-25 17:29:00
nvd
nvd
CVE-2015-3191
2017-05-25 17:29:00