3 matches found
org.cloudfoundry.identity:cloudfoundry-identity-api (>=4.1.0 <=4.11.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=4.1.0 <=4.11.0) +1 more potentially affected by CVE-2017-8031 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=4.10.0 <=4.5.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =4.10.0, =4.1.0, =4.1.0, =3.3.0.6, =4.30.0 Source cves: CVE-2017-8031 Source advisory: OSV:GHSA-J4P3-2M2H-CV5F...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=4.6.0 <=4.7.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=4.6.0 <=4.7.0) +1 more potentially affected by CVE-2017-8031 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=4.6.0 <=4.7.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =4.6.0, =4.6.0, =4.6.0, =4.6.0, =4.7.0 Source cves: CVE-2017-8031 Source advisory: OSV:GHSA-J4P3-2M2H-CV5F...
CVE-2017-8031
The CVE-2017-8031 entry concerns Cloud Foundry cf-release and UAA. Affected products: cf-release (all versions before v279) and UAA (30.x before 30.6; 45.x before 45.4; 52.x before 52.1). Issue: an authenticated user for a given client can revoke client tokens belonging to other users on the same...