Cf-release@209 Security Vulnerabilities and Issues — Cf-release@209 CVE List

Lucene search

CloudfoundryCf-release209

4 matches found

CVE•added 2017/05/25 5:29 p.m.•37 views

CVE-2015-3191

With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud...

8.8CVSS8.5AI score0.00119EPSS

CVE•added 2017/05/25 5:29 p.m.•36 views

CVE-2015-3190

With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.

6.1CVSS6.1AI score0.00197EPSS

CVE•added 2017/06/13 6:29 a.m.•33 views

CVE-2016-8218

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT...

9.8CVSS9.3AI score0.00585EPSS

CVE•added 2017/08/31 2:29 p.m.•32 views

CVE-2016-0713

Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.

4.7CVSS4.3AI score0.0024EPSS