2 matches found
CVE-2016-0732
The CVE-2016-0732 entry corresponds to a privilege-escalation vulnerability in the identity-zones feature of Cloud Foundry components. Affected products include Cloud Foundry v208–v229, UAA v2.0.0–v2.7.3 and v3.0.0, UAA-Release v2–v4, and Elastic Runtime v1.6.0–v1.6.13. The issue allows remote au...
CVE-2016-8218
CVE-2016-8218 affects Cloud Foundry’s routing-release (versions prior to 0.142.0) and cf-release (203–231). The issue is incomplete validation in JSON Web Token (JWT) libraries, enabling unprivileged attackers to impersonate other users to the routing API. Remediation: upgrade routing-release to ...