CVE-2017-8031

🗓️ 27 Nov 2017 10:00:00Reported by dellType

Issue in Cloud Foundry Foundation and UAA versions prior to v279, 30.x versions prior to 30.6, 45.x versions prior to 45.4, and 52.x versions prior to 52.1 allows authenticated user to revoke client tokens for other users on the same client, leading to denial of service

Reporter	Title	Published	Views	Family All 13
Cloud Foundry	CVE-2017-8031: UAA Denial of Service through client token revocation endpoint \| Cloud Foundry	7 Nov 201700:00	–	cloudfoundry
CNVD	Pivotal Cloud Foundry cf-release and UAA denial of service vulnerabilities	30 Nov 201700:00	–	cnvd
CVE	CVE-2017-8031	27 Nov 201710:00	–	cve
EUVD	EUVD-2022-4277	3 Oct 202520:07	–	euvd
Github Security Blog	Cloud Foundry UAA Denial of Service through client token revocation endpoint	13 May 202201:10	–	github
NVD	CVE-2017-8031	27 Nov 201710:29	–	nvd
OSV	CVE-2017-8031	27 Nov 201710:29	–	osv
OSV	GHSA-J4P3-2M2H-CV5F Cloud Foundry UAA Denial of Service through client token revocation endpoint	13 May 202201:10	–	osv
Prion	Design/Logic Flaw	27 Nov 201710:29	–	prion
Veracode	Denial Of Service (DoS) Through Token Revocation	9 Nov 201707:30	–	veracode

[
  {
    "product": "cf-release and UAA cf-release: All versions prior to v279, UAA: 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "cf-release and UAA cf-release: All versions prior to v279, UAA: 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/101967
cloudfoundry	www.cloudfoundry.org/cve-2017-8031/

29 Nov 2017 10:57Current

5.1Medium risk

Vulners AI Score5.1

EPSS0.00419