Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.
CPE | Name | Operator | Version |
---|---|---|---|
cf-release | lt | 216 | |
cloud_foundry_elastic_runtime | lt | 1.7.0 | |
cloud_foundry_uaa | lt | 2.5.2 |