4 matches found
CVE-2015-3191
CVE-2015-3191 is a CSRF vulnerability in the Cloud Foundry UAA change_email endpoint. Affected are Cloud Foundry cf-release versions prior to v210 and UAA standalone deployments prior to 2.3.0 (specifically UAA 2.2.6 or earlier; cf-release v209 or earlier). The issue allows an attacker to trigger...
CVE-2015-3190
The CVE-2015-3190 issue affects Cloud Foundry components where the UAA logout link can be used as an open redirect. Affected versions include cf-release v209 or earlier, UAA standalone v2.2.6 or earlier, and Cloud Foundry Runtime v1.4.5 or earlier. The underlying vulnerability allows an attacker ...
CVE-2016-0713
The CVE-2016-0713 entry applies to Cloud Foundry Gorouter in cf-release versions 141–228, where a cross-site scripting (XSS) vulnerability can be exploited when an attacker modifies requests, enabling potential MITM-like behavior and unauthorized operations. Publicly documented impact is XSS via ...
CVE-2016-8218
CVE-2016-8218 affects Cloud Foundry’s routing-release (versions prior to 0.142.0) and cf-release (203–231). The issue is incomplete validation in JSON Web Token (JWT) libraries, enabling unprivileged attackers to impersonate other users to the routing API. Remediation: upgrade routing-release to ...