Lucene search
K
CloudfoundryCf-release209

4 matches found

CVE
CVE
added 2017/05/25 5:0 p.m.50 views

CVE-2015-3191

CVE-2015-3191 is a CSRF vulnerability in the Cloud Foundry UAA change_email endpoint. Affected are Cloud Foundry cf-release versions prior to v210 and UAA standalone deployments prior to 2.3.0 (specifically UAA 2.2.6 or earlier; cf-release v209 or earlier). The issue allows an attacker to trigger...

8.8CVSS8.5AI score0.00486EPSS
CVE
CVE
added 2017/05/25 5:0 p.m.47 views

CVE-2015-3190

The CVE-2015-3190 issue affects Cloud Foundry components where the UAA logout link can be used as an open redirect. Affected versions include cf-release v209 or earlier, UAA standalone v2.2.6 or earlier, and Cloud Foundry Runtime v1.4.5 or earlier. The underlying vulnerability allows an attacker ...

6.1CVSS6.1AI score0.00717EPSS
CVE
CVE
added 2017/08/31 2:0 p.m.44 views

CVE-2016-0713

The CVE-2016-0713 entry applies to Cloud Foundry Gorouter in cf-release versions 141–228, where a cross-site scripting (XSS) vulnerability can be exploited when an attacker modifies requests, enabling potential MITM-like behavior and unauthorized operations. Publicly documented impact is XSS via ...

4.7CVSS4.3AI score0.00541EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.44 views

CVE-2016-8218

CVE-2016-8218 affects Cloud Foundry’s routing-release (versions prior to 0.142.0) and cf-release (203–231). The issue is incomplete validation in JSON Web Token (JWT) libraries, enabling unprivileged attackers to impersonate other users to the routing API. Remediation: upgrade routing-release to ...

9.8CVSS9.3AI score0.01297EPSS