2 matches found
CVE-2015-3191 - CSRF attack on change email | Cloud Foundry
CVE-2015-3191 – CSRF attack on change email Low Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v210 UAA versions prior to 2.3.0 Description The changeemail form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user...
CVE-2015-3189 - Expire old reset password links | Cloud Foundry
CVE-2015-3189 – Expire old reset password links Low Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v209 UAA versions prior to 2.2.6 Description Old Password Reset Links are not expired after the user changes their current email address to a new one. This...