Search criteria
84 vulnerabilities found for cloud_foundry_elastic_runtime by pivotal_software
FKIE_CVE-2016-0715
Vulnerability from fkie_nvd - Published: 2018-09-11 17:29 - Updated: 2024-11-21 02:42
Severity ?
Summary
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://pivotal.io/security/cve-2016-0715 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-0715 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61E71217-AE50-4073-8B25-555BE399AB4C",
"versionEndIncluding": "1.4.5",
"versionStartIncluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B65F98-7509-4CA9-9692-CAA75ADE6ECC",
"versionEndIncluding": "1.5.11",
"versionStartIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD0DD97E-27F9-4C12-9FFE-A5C6C0A09473",
"versionEndIncluding": "1.6.11",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
},
{
"lang": "es",
"value": "Pivotal Cloud Foundry Elastic Runtime, desde la versi\u00f3n 1.4.0 hasta la 1.4.5, de la 1.5.0 hasta la 1.5.11 y desde la versi\u00f3n 1.6.0 hasta la 1.6.11 es vulnerable a una divulgaci\u00f3n de informaci\u00f3n remota. Se ha detectado que las instrucciones originales de configuraci\u00f3n de la mitigaci\u00f3n que se proporcionaron como parte de CVE-2016-0708 estaban incompletas y podr\u00edan hacer que PHP Buildpack, Staticfile Buildpack y, probablemente, otras aplicaciones Buildpack personalizadas sean vulnerables a la divulgaci\u00f3n de informaci\u00f3n remota. Las aplicaciones afectadas emplean la detecci\u00f3n automatizada de buildpack, sirven archivos directamente desde el root de la aplicaci\u00f3n y tienen un buildpack que coincid\u00eda con el Java Buildpack en la prioridad del sistema buildpack cuando Java Buildpack estaba presente en versiones desde la2.0 hasta la 3.4."
}
],
"id": "CVE-2016-0715",
"lastModified": "2024-11-21T02:42:14.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-11T17:29:00.223",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0715"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6658
Vulnerability from fkie_nvd - Published: 2018-03-29 22:29 - Updated: 2024-11-21 02:56
Severity ?
Summary
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2016-6658 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-6658 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "381D7323-8A68-4814-9193-67B6EEC6678D",
"versionEndExcluding": "245",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40E584D4-7CA3-42E0-A9F3-79E67C111D65",
"versionEndExcluding": "1.6.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD51AC4-E544-4E15-BC72-D252D9773EA8",
"versionEndExcluding": "1.7.31",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11FE44C3-64CB-499F-A81F-DFB6E8BA3EFE",
"versionEndExcluding": "1.8.11",
"versionStartIncluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials."
},
{
"lang": "es",
"value": "Applications en cf-release, en versiones anteriores a la 245, puede configurarse e insertarse con un buildpack personalizado proporcionado por el usuario mediante una URL que se\u00f1ale al buildpack. Aunque no se recomienda, un usuario puede especificar una credencial en la URL (basic auth o OAuth) para acceder al buildpack a trav\u00e9s del CLI. Por ejemplo, el usuario puede incluir un nombre de usuario y contrase\u00f1a de GitHub en la URL para acceder a un repositorio privado. Debido a que la URL empleada para acceder al buildpack se almacena sin cifrar, un operador con acceso privilegiado a la base de datos de Cloud Controller podr\u00eda ver estas credenciales."
}
],
"id": "CVE-2016-6658",
"lastModified": "2024-11-21T02:56:34.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-29T22:29:00.477",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-6658"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-5173
Vulnerability from fkie_nvd - Published: 2017-10-24 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_uaa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39C984-9592-4C18-A220-F3BF2FF0E4D3",
"versionEndExcluding": "216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349BBE7C-CB38-4F96-B42C-03982C4D6071",
"versionEndExcluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF9860B-08BA-42CA-A3C0-34BE821C47B2",
"versionEndExcluding": "2.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka \"Cross Domain Referer Leakage.\""
},
{
"lang": "es",
"value": "Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que los atacantes causen un impacto no especificado mediante vectores que involucren emails con enlaces de recuperaci\u00f3n de contrase\u00f1as. Esta vulnerabilidad tambi\u00e9n se conoce como \"Cross Domain Referer Leakage\"."
}
],
"id": "CVE-2015-5173",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-24T17:29:00.290",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-5171
Vulnerability from fkie_nvd - Published: 2017-10-24 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_uaa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39C984-9592-4C18-A220-F3BF2FF0E4D3",
"versionEndExcluding": "216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349BBE7C-CB38-4F96-B42C-03982C4D6071",
"versionEndExcluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF9860B-08BA-42CA-A3C0-34BE821C47B2",
"versionEndExcluding": "2.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions."
},
{
"lang": "es",
"value": "La funcionalidad de cambio de contrase\u00f1a en Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que los atacantes causen un impacto no especificado aprovechando que no caducan las sesiones existentes."
}
],
"id": "CVE-2015-5171",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-24T17:29:00.230",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-5172
Vulnerability from fkie_nvd - Published: 2017-10-24 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_uaa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39C984-9592-4C18-A220-F3BF2FF0E4D3",
"versionEndExcluding": "216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349BBE7C-CB38-4F96-B42C-03982C4D6071",
"versionEndExcluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF9860B-08BA-42CA-A3C0-34BE821C47B2",
"versionEndExcluding": "2.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links."
},
{
"lang": "es",
"value": "Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que atacantes causen un impacto no especificado aprovechando que no caducan los enlaces de reinicio de contrase\u00f1a."
}
],
"id": "CVE-2015-5172",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-24T17:29:00.260",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-5170
Vulnerability from fkie_nvd - Published: 2017-10-24 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://www.securityfocus.com/bid/101579 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101579 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-5170-5173 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_uaa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E39C984-9592-4C18-A220-F3BF2FF0E4D3",
"versionEndExcluding": "216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349BBE7C-CB38-4F96-B42C-03982C4D6071",
"versionEndExcluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF9860B-08BA-42CA-A3C0-34BE821C47B2",
"versionEndExcluding": "2.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
},
{
"lang": "es",
"value": "Cloud Foundry Runtime cf-release en versiones anteriores a la 216, UAA en versiones anteriores a la 2.5.2 y Pivotal Cloud Foundry (PCF) Elastic Runtime en versiones anteriores a la 1.7.0 permite que atacantes remotos realicen ataques Cross-Site Request Forgery (CSRF) en PWS y registren un usuario en una cuenta arbitraria aprovech\u00e1ndose de la falta de chequeos contra CSRF."
}
],
"id": "CVE-2015-5170",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-24T17:29:00.183",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101579"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-4955
Vulnerability from fkie_nvd - Published: 2017-06-13 06:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/97082 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://pivotal.io/security/cve-2017-4955 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97082 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2017-4955 | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC58A11-78C4-495B-A898-048EE9F3063D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1CAC4E-3CD6-4D0C-8544-9481E57FD338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D0F13A-D149-492D-A484-B7F4235B2DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9972-DCF2-46A9-8025-938C492E5A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "43978845-CC25-4975-8155-AC0999A4268B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1A6848-16B9-47EC-B7C8-7740086398F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D9708D36-4A9B-484A-A627-69A85D66EDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AB1C89-79D2-4997-A00D-E6E62243278B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*",
"matchCriteriaId": "C071EA95-4AE2-43DC-900F-3DDD38959754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FF1F58-580A-4035-9427-1B4E96FC9E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*",
"matchCriteriaId": "71499439-2748-4B4F-8659-AE4F67CCC8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*",
"matchCriteriaId": "50161ECB-FEEA-4E1C-8DF9-5F3F7D944895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.40:*:*:*:*:*:*:*",
"matchCriteriaId": "6D21BF37-C46C-4AF2-BEDA-F048520B2364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.41:*:*:*:*:*:*:*",
"matchCriteriaId": "22F33DD4-DDE7-4742-8FC6-15B6A1879A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.42:*:*:*:*:*:*:*",
"matchCriteriaId": "74509FEE-7166-4E02-8DF1-8F37DF6B0544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.43:*:*:*:*:*:*:*",
"matchCriteriaId": "1A8CCAAC-4ED2-4EA2-A929-ED2A2422DB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.44:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5340E4-0C9D-40F5-9E34-14E793A44361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.45:*:*:*:*:*:*:*",
"matchCriteriaId": "C45701FC-4423-4C05-A32F-75DB4B9F1E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.46:*:*:*:*:*:*:*",
"matchCriteriaId": "902B67BD-57D8-4088-9FD6-9691ADB86D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.47:*:*:*:*:*:*:*",
"matchCriteriaId": "28873E30-9073-424E-B68B-8DF11AFB72E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.48:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F8DC97-BBBA-4377-ADF0-1F92AC5E135E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.49:*:*:*:*:*:*:*",
"matchCriteriaId": "C3585890-0DD5-4184-9AEE-5F22EACA2963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.50:*:*:*:*:*:*:*",
"matchCriteriaId": "3B26DE06-585E-4E8B-81BD-5DAF32CF1893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.51:*:*:*:*:*:*:*",
"matchCriteriaId": "12188BF1-1307-48B0-AAE4-6C91402B726F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "335DB844-E49A-439E-A4B3-D8E45BFE5DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "DA90B5C3-4F17-4F8C-83A2-DFCD194F965C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.54:*:*:*:*:*:*:*",
"matchCriteriaId": "AA644782-F305-4BDB-B720-FF88D5B40308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.55:*:*:*:*:*:*:*",
"matchCriteriaId": "97E71936-5F88-4A8C-BFE5-9591FEC3B5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.56:*:*:*:*:*:*:*",
"matchCriteriaId": "62C9C2B9-DF79-4C9E-87F1-2949F9FC8C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.57:*:*:*:*:*:*:*",
"matchCriteriaId": "1F458801-EB3D-4295-B7B1-AA8259758157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.58:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC59E2D-87E5-486E-8035-878B9C85E18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.59:*:*:*:*:*:*:*",
"matchCriteriaId": "3870B8B2-FAF2-4374-B580-9884B72F2FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.60:*:*:*:*:*:*:*",
"matchCriteriaId": "69589093-7B4F-433B-AD35-60CB9392C08C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.61:*:*:*:*:*:*:*",
"matchCriteriaId": "3C846FB3-526A-4B63-A10D-144DF6E31BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.62:*:*:*:*:*:*:*",
"matchCriteriaId": "F36A6F3C-B2D9-483B-90CD-127DF7444514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.63:*:*:*:*:*:*:*",
"matchCriteriaId": "394F138C-2C9C-46F5-A7E2-95511A2919C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.64:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76CF05-C43D-45C1-A709-1BB7097B9E5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E574EDD-AD33-4A00-8E14-76F0134EC00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2274274-C1F8-4E42-AF7A-BDBF379E823E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB25167-8350-4362-876C-690F5B5B057C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "28F89423-3AEE-475A-BBBA-B895D9732A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B5CB0D-09C9-4CB2-B842-CA68400CDAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F047032B-218E-41BF-9F46-4682D415960E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B291CCA0-EAE5-4900-ABF3-9A9D76910BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8DAD87-111B-4F17-85CC-65C395851079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "248878D6-7987-4608-9A28-66F3F7EFB976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "62465763-0887-4082-9363-8F70B264F29A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "088B4A1B-3E98-4B9E-8430-30F6E61B560B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.23:*:*:*:*:*:*:*",
"matchCriteriaId": "2A13F165-C8D2-4BCB-84D3-B264C3DDD1FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0844334C-E31A-4D85-B12A-AD06A00BF76D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.25:*:*:*:*:*:*:*",
"matchCriteriaId": "10CF4D45-1011-4252-A1A0-7A60BF6010ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.26:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9CB7CA-00B2-4583-ACDB-9269E380D328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.27:*:*:*:*:*:*:*",
"matchCriteriaId": "DDCF9CD2-4D4C-44CF-BD32-146A7C782DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.28:*:*:*:*:*:*:*",
"matchCriteriaId": "034CA20F-30F2-4A6B-BE15-685864B4BB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.29:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B5BB61-A6FF-4F7B-852F-6EE86992E5C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1D25BD5D-948B-4E5E-B25D-669CEDA02A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "4634673B-84CD-4FCD-AECB-D5B865C0B05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.32:*:*:*:*:*:*:*",
"matchCriteriaId": "57AE9EB2-4FA8-4186-B6F2-3F8EE3AB880E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2B077E17-2BDC-4A55-990C-EE9036D80895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.34:*:*:*:*:*:*:*",
"matchCriteriaId": "ECAB3961-38F3-4AEE-8EEA-AC929F93F9C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.35:*:*:*:*:*:*:*",
"matchCriteriaId": "FB91D749-3F61-4EAA-872B-27E66BF6D234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.36:*:*:*:*:*:*:*",
"matchCriteriaId": "F23EA9FC-3396-40DB-925F-62CBA92B407C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.37:*:*:*:*:*:*:*",
"matchCriteriaId": "47D4AF5F-FCC7-4795-9E12-7EEA3686F059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC87A91E-9804-4E77-99F0-75D87C970151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.39:*:*:*:*:*:*:*",
"matchCriteriaId": "BE43BD2D-DD11-49F8-9894-719982B1B4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.40:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF27099-228F-422B-95BA-F8BDDCD72D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.41:*:*:*:*:*:*:*",
"matchCriteriaId": "CE4093B0-E785-4E4D-A076-FAB5CFF397CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAC1C6F-F41A-45B9-A9BC-0BBCB396EC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.43:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9862AE-D007-453B-9480-88CBF2C94A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.44:*:*:*:*:*:*:*",
"matchCriteriaId": "85738A2A-5E35-480D-8BCE-A8298FB5A91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.45:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E99A62-2EA2-476A-95F4-8674E6887891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.46:*:*:*:*:*:*:*",
"matchCriteriaId": "C20FB123-CB94-46B3-8800-C93BB6285B24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.47:*:*:*:*:*:*:*",
"matchCriteriaId": "411351FC-6D34-4FB9-A658-937519095A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "15F08919-8764-419D-A399-1EAA6B055C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09BA6E79-22B6-4E5E-8C85-BBA8CB6C1828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB328ACE-FC3C-4255-9400-A9BBC5059F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "877383E9-545F-4324-B8EA-76F33B7C11C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6BCA5E-1A43-41AA-ACEC-2C73E1B84D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF15EDB-2707-43E2-9B53-C0CCA28AC972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C896CBBE-BE7B-44C3-A25E-F85BC7F6CE51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "944374E2-A07E-4EEA-BE0C-47EF62FFABA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEA85D5-10B2-4003-A857-2C46F9559694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "799E1F2E-DA5F-41B5-9B83-55661E18D726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9369A6-F59D-4C7A-830E-6EAC6F81A493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "31A2732A-0309-4DF0-9EF1-7954D10BCFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C3101A31-55B3-4212-B78F-FE574B445F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DED599DA-D25C-45FD-9CDA-8E9E2D17364C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA779B7-1660-48B7-A648-E3952BFD1B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*",
"matchCriteriaId": "83A66A35-48D1-48E5-97A9-A6F136EC9BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*",
"matchCriteriaId": "598033B9-A0FB-4A5B-9417-5A434608232A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE5BCF-A1C8-4F24-A5BC-70FAF096253F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*",
"matchCriteriaId": "85E0C92F-485D-4675-95F8-672E8489AF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6B95BB7C-D9D7-4A63-B8AB-6EB456D236A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A06AE8D5-F30A-4F73-AF69-622F01D0BF0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*",
"matchCriteriaId": "167A8FDC-4C37-4AC4-9A0D-B73602F8062F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DDAEFA2F-3E9E-4B4F-8679-7F70A3ED6292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.24:*:*:*:*:*:*:*",
"matchCriteriaId": "81501627-C022-4BEC-AF42-B10DF1CDA69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD7FDCF-4123-4000-821B-88D5214AF74D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0224626-1FB4-4DF5-B16F-5D2741E51E02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.27:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD367D8-748B-4CE7-8CF4-0549B02B1766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F25D21E0-E84B-4BCF-B2D0-2332CD583128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C76651-7E20-4456-ADA3-DF5020471743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7911DD-A3CC-4046-884D-C11A1263B037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F122CEA-7924-45A6-BCFD-B9079C4B0DCA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en las versiones de PCF Elastic Runtime de Pivotal versiones 1.6.x anteriores a 1.6.65, versiones 1.7.x anteriores a 1.7.48, versiones 1.8.x anteriores a 1.8.28 y versiones 1.9.x anteriores a 1.9.5. Varias credenciales estaban presentes en los registros para la tarea Notifications en el mosaico de PCF Elastic Runtime."
}
],
"id": "CVE-2017-4955",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-13T06:29:00.330",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97082"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2017-4955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2017-4955"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-2773
Vulnerability from fkie_nvd - Published: 2017-06-13 06:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/97135 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://pivotal.io/security/cve-2017-2773 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97135 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2017-2773 | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C07910-C462-46C1-83CB-39B3FD8D25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B9243E-31EF-48AB-BAB5-CCC3704A219F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB1D4B-F44C-41A1-90CA-62FD37003A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F623783F-46DF-454E-BD83-5D2AE35EA9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD9D35B-3E85-49FD-BA0A-D9020C5F280E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A28CEEDF-FA40-4922-87A6-35DEBF184DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F08111-51B1-4866-8695-C0877FC77D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC58A11-78C4-495B-A898-048EE9F3063D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "620EAB8D-3754-494D-9912-724A0FE1E80F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBA74BD-EF83-4F29-8040-FB5B35D38C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E00BE6-B2B6-4C02-9510-1F3DCC081173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9E726-CF92-4DE5-8A04-02428328CC8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1CAC4E-3CD6-4D0C-8544-9481E57FD338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D0F13A-D149-492D-A484-B7F4235B2DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*",
"matchCriteriaId": "160A9972-DCF2-46A9-8025-938C492E5A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "43978845-CC25-4975-8155-AC0999A4268B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1A6848-16B9-47EC-B7C8-7740086398F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D9708D36-4A9B-484A-A627-69A85D66EDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AB1C89-79D2-4997-A00D-E6E62243278B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*",
"matchCriteriaId": "C071EA95-4AE2-43DC-900F-3DDD38959754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FF1F58-580A-4035-9427-1B4E96FC9E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*",
"matchCriteriaId": "71499439-2748-4B4F-8659-AE4F67CCC8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*",
"matchCriteriaId": "50161ECB-FEEA-4E1C-8DF9-5F3F7D944895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.40:*:*:*:*:*:*:*",
"matchCriteriaId": "6D21BF37-C46C-4AF2-BEDA-F048520B2364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.41:*:*:*:*:*:*:*",
"matchCriteriaId": "22F33DD4-DDE7-4742-8FC6-15B6A1879A27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.42:*:*:*:*:*:*:*",
"matchCriteriaId": "74509FEE-7166-4E02-8DF1-8F37DF6B0544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.43:*:*:*:*:*:*:*",
"matchCriteriaId": "1A8CCAAC-4ED2-4EA2-A929-ED2A2422DB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.44:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5340E4-0C9D-40F5-9E34-14E793A44361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.45:*:*:*:*:*:*:*",
"matchCriteriaId": "C45701FC-4423-4C05-A32F-75DB4B9F1E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.46:*:*:*:*:*:*:*",
"matchCriteriaId": "902B67BD-57D8-4088-9FD6-9691ADB86D76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.47:*:*:*:*:*:*:*",
"matchCriteriaId": "28873E30-9073-424E-B68B-8DF11AFB72E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.48:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F8DC97-BBBA-4377-ADF0-1F92AC5E135E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.49:*:*:*:*:*:*:*",
"matchCriteriaId": "C3585890-0DD5-4184-9AEE-5F22EACA2963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.50:*:*:*:*:*:*:*",
"matchCriteriaId": "3B26DE06-585E-4E8B-81BD-5DAF32CF1893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.51:*:*:*:*:*:*:*",
"matchCriteriaId": "12188BF1-1307-48B0-AAE4-6C91402B726F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.52:*:*:*:*:*:*:*",
"matchCriteriaId": "335DB844-E49A-439E-A4B3-D8E45BFE5DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.53:*:*:*:*:*:*:*",
"matchCriteriaId": "DA90B5C3-4F17-4F8C-83A2-DFCD194F965C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.54:*:*:*:*:*:*:*",
"matchCriteriaId": "AA644782-F305-4BDB-B720-FF88D5B40308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.55:*:*:*:*:*:*:*",
"matchCriteriaId": "97E71936-5F88-4A8C-BFE5-9591FEC3B5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.56:*:*:*:*:*:*:*",
"matchCriteriaId": "62C9C2B9-DF79-4C9E-87F1-2949F9FC8C6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.57:*:*:*:*:*:*:*",
"matchCriteriaId": "1F458801-EB3D-4295-B7B1-AA8259758157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.58:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC59E2D-87E5-486E-8035-878B9C85E18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.59:*:*:*:*:*:*:*",
"matchCriteriaId": "3870B8B2-FAF2-4374-B580-9884B72F2FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B75A7F-EAAC-4D81-9A10-D8DB45828EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA53D5B4-75BF-445F-96AA-4DC308B76E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5D5D9-604D-4917-99D0-1F41784A6835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2BF60D-EEEE-4F4C-A19F-108C78366089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED880C-5EF5-4FEA-A4BD-58CA61C12A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA80BA5-66B0-4A6C-B552-175DBB930EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BCDBAF27-D5DC-4379-A76E-7BD2CD98EB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D957FD98-C2B4-48C2-81A0-37B2581E9F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0DADB2DA-A12F-426E-9DEB-3628B081F78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "99C97080-9BD3-4F17-A0E4-80F9F4CD7DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E764D26C-D2C4-496C-936F-BF6793BF7C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1E574EDD-AD33-4A00-8E14-76F0134EC00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A2274274-C1F8-4E42-AF7A-BDBF379E823E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB25167-8350-4362-876C-690F5B5B057C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "28F89423-3AEE-475A-BBBA-B895D9732A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B5CB0D-09C9-4CB2-B842-CA68400CDAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F047032B-218E-41BF-9F46-4682D415960E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B291CCA0-EAE5-4900-ABF3-9A9D76910BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8DAD87-111B-4F17-85CC-65C395851079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "248878D6-7987-4608-9A28-66F3F7EFB976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "62465763-0887-4082-9363-8F70B264F29A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "088B4A1B-3E98-4B9E-8430-30F6E61B560B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.23:*:*:*:*:*:*:*",
"matchCriteriaId": "2A13F165-C8D2-4BCB-84D3-B264C3DDD1FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0844334C-E31A-4D85-B12A-AD06A00BF76D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.25:*:*:*:*:*:*:*",
"matchCriteriaId": "10CF4D45-1011-4252-A1A0-7A60BF6010ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.26:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9CB7CA-00B2-4583-ACDB-9269E380D328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.27:*:*:*:*:*:*:*",
"matchCriteriaId": "DDCF9CD2-4D4C-44CF-BD32-146A7C782DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.28:*:*:*:*:*:*:*",
"matchCriteriaId": "034CA20F-30F2-4A6B-BE15-685864B4BB41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.29:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B5BB61-A6FF-4F7B-852F-6EE86992E5C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1D25BD5D-948B-4E5E-B25D-669CEDA02A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "4634673B-84CD-4FCD-AECB-D5B865C0B05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.32:*:*:*:*:*:*:*",
"matchCriteriaId": "57AE9EB2-4FA8-4186-B6F2-3F8EE3AB880E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2B077E17-2BDC-4A55-990C-EE9036D80895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.34:*:*:*:*:*:*:*",
"matchCriteriaId": "ECAB3961-38F3-4AEE-8EEA-AC929F93F9C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.35:*:*:*:*:*:*:*",
"matchCriteriaId": "FB91D749-3F61-4EAA-872B-27E66BF6D234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.36:*:*:*:*:*:*:*",
"matchCriteriaId": "F23EA9FC-3396-40DB-925F-62CBA92B407C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.37:*:*:*:*:*:*:*",
"matchCriteriaId": "47D4AF5F-FCC7-4795-9E12-7EEA3686F059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC87A91E-9804-4E77-99F0-75D87C970151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.39:*:*:*:*:*:*:*",
"matchCriteriaId": "BE43BD2D-DD11-49F8-9894-719982B1B4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.7.40:*:*:*:*:*:*:*",
"matchCriteriaId": "3BF27099-228F-422B-95BA-F8BDDCD72D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "15F08919-8764-419D-A399-1EAA6B055C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09BA6E79-22B6-4E5E-8C85-BBA8CB6C1828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB328ACE-FC3C-4255-9400-A9BBC5059F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "877383E9-545F-4324-B8EA-76F33B7C11C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6BCA5E-1A43-41AA-ACEC-2C73E1B84D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF15EDB-2707-43E2-9B53-C0CCA28AC972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C896CBBE-BE7B-44C3-A25E-F85BC7F6CE51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "944374E2-A07E-4EEA-BE0C-47EF62FFABA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEA85D5-10B2-4003-A857-2C46F9559694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "799E1F2E-DA5F-41B5-9B83-55661E18D726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9369A6-F59D-4C7A-830E-6EAC6F81A493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "31A2732A-0309-4DF0-9EF1-7954D10BCFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C3101A31-55B3-4212-B78F-FE574B445F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DED599DA-D25C-45FD-9CDA-8E9E2D17364C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA779B7-1660-48B7-A648-E3952BFD1B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*",
"matchCriteriaId": "83A66A35-48D1-48E5-97A9-A6F136EC9BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*",
"matchCriteriaId": "598033B9-A0FB-4A5B-9417-5A434608232A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE5BCF-A1C8-4F24-A5BC-70FAF096253F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*",
"matchCriteriaId": "85E0C92F-485D-4675-95F8-672E8489AF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6B95BB7C-D9D7-4A63-B8AB-6EB456D236A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A06AE8D5-F30A-4F73-AF69-622F01D0BF0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*",
"matchCriteriaId": "167A8FDC-4C37-4AC4-9A0D-B73602F8062F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FA79FA-C53E-4852-941B-F8B32EBC0BE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an \"Unauthenticated JWT signing algorithm in multiple components\" issue."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Pivotal PCF Elastic Runtime en versiones 1.6.x anteriores a la 1.6.60, versiones 1.7.x anteriores a la 1.7.41, versiones 1.8.x anteriores a la 1.8.23 y versiones 1.9.x anteriores a la 1.9.1. La l\u00f3gica de validaci\u00f3n incompleta en las bibliotecas JSON Web Token (JWT) puede permitir que atacantes no privilegiados suplanten a otros usuarios en m\u00faltiples componentes incluidos en PCF Elastic Runtime. Esto tambi\u00e9n se conoce como problema \"Unauthenticated JWT signing algorithm in multiple components\"."
}
],
"id": "CVE-2017-2773",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-13T06:29:00.300",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97135"
},
{
"source": "security_alert@emc.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2017-2773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2017-2773"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-4959
Vulnerability from fkie_nvd - Published: 2017-06-13 06:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/96218 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://pivotal.io/security/cve-2017-4959 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96218 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2017-4959 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "258FAFB4-2B67-456B-BE78-1562A3D5E9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "15F08919-8764-419D-A399-1EAA6B055C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09BA6E79-22B6-4E5E-8C85-BBA8CB6C1828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB328ACE-FC3C-4255-9400-A9BBC5059F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "877383E9-545F-4324-B8EA-76F33B7C11C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6BCA5E-1A43-41AA-ACEC-2C73E1B84D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF15EDB-2707-43E2-9B53-C0CCA28AC972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C896CBBE-BE7B-44C3-A25E-F85BC7F6CE51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "944374E2-A07E-4EEA-BE0C-47EF62FFABA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEA85D5-10B2-4003-A857-2C46F9559694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "799E1F2E-DA5F-41B5-9B83-55661E18D726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD9369A6-F59D-4C7A-830E-6EAC6F81A493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "31A2732A-0309-4DF0-9EF1-7954D10BCFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C3101A31-55B3-4212-B78F-FE574B445F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DED599DA-D25C-45FD-9CDA-8E9E2D17364C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA779B7-1660-48B7-A648-E3952BFD1B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.16:*:*:*:*:*:*:*",
"matchCriteriaId": "83A66A35-48D1-48E5-97A9-A6F136EC9BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.17:*:*:*:*:*:*:*",
"matchCriteriaId": "598033B9-A0FB-4A5B-9417-5A434608232A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE5BCF-A1C8-4F24-A5BC-70FAF096253F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.19:*:*:*:*:*:*:*",
"matchCriteriaId": "85E0C92F-485D-4675-95F8-672E8489AF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6B95BB7C-D9D7-4A63-B8AB-6EB456D236A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A06AE8D5-F30A-4F73-AF69-622F01D0BF0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.22:*:*:*:*:*:*:*",
"matchCriteriaId": "167A8FDC-4C37-4AC4-9A0D-B73602F8062F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.23:*:*:*:*:*:*:*",
"matchCriteriaId": "DDAEFA2F-3E9E-4B4F-8679-7F70A3ED6292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.24:*:*:*:*:*:*:*",
"matchCriteriaId": "81501627-C022-4BEC-AF42-B10DF1CDA69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD7FDCF-4123-4000-821B-88D5214AF74D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A0224626-1FB4-4DF5-B16F-5D2741E51E02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.27:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD367D8-748B-4CE7-8CF4-0549B02B1766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.8.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DDC3D0-2523-4A10-824F-6630F7559CD8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FA79FA-C53E-4852-941B-F8B32EBC0BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F25D21E0-E84B-4BCF-B2D0-2332CD583128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C76651-7E20-4456-ADA3-DF5020471743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7911DD-A3CC-4046-884D-C11A1263B037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F122CEA-7924-45A6-BCFD-B9079C4B0DCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EBBFA1F5-3A00-4BCE-8E8D-B3E898933A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3329004D-1F23-4991-A8ED-51DB1E596FD8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Pivotal PCF Elastic Runtime, en versiones 1.8.x anteriores a la 1.8.29 y en versiones 1.9.x anteriores a la 1.9.7. Los despliegues de Pivotal Cloud Foundry que emplean la aplicaci\u00f3n Pivotal Account son vulnerables a un error que permite que un usuario autorizado tome el control de la cuenta de otro usuario, lo que podr\u00eda provocar el bloqueo de la cuenta y un potencial escalado de privilegios."
}
],
"id": "CVE-2017-4959",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-13T06:29:00.363",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96218"
},
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2017-4959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2017-4959"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3189
Vulnerability from fkie_nvd - Published: 2017-05-25 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2015-3189 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-3189 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_uaa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F11FD354-9940-4745-BF27-19108E2E567E",
"versionEndIncluding": "208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6812A0-8836-4F25-9AC1-DB552BC605ED",
"versionEndIncluding": "1.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F876A8B-AA8F-4DAD-B840-6CDF1076AF9D",
"versionEndIncluding": "2.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected."
},
{
"lang": "es",
"value": "En Cloud Foundry Runtime versiones v208 y anteriores, UAA Standalone versiones 2.2.5 o anteriores y Pivotal Cloud Foundry Runtime, versiones 1.4.5 o anteriores, los enlaces a contrase\u00f1as antiguas reseteadas no expiran despu\u00e9s de que un usuario cambie su direcci\u00f3n de correo electr\u00f3nico actual a una nueva. Esta vulnerabilidad aplica solo cuando se almacena el UAA del usuario interno para la autenticaci\u00f3n. Despliegues habilitados para la integraci\u00f3n a trav\u00e9s de SAML o LDAP no estar\u00edan afectados."
}
],
"id": "CVE-2015-3189",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-25T17:29:00.333",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-3189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-3189"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-3084
Vulnerability from fkie_nvd - Published: 2017-05-25 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2016-3084 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-3084 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57DF722B-A92F-40C3-8764-947D572F5D9A",
"versionEndIncluding": "10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F090E28-89CF-409D-882D-3AB25689E3CE",
"versionEndIncluding": "236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B7E04E4-FB07-4193-AFCD-4FD727460E7D",
"versionEndIncluding": "1.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8C03CB-F0E7-4CE7-8B25-08E20520B5CE",
"versionEndIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:login-server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60348882-C48C-434B-B311-A157E3BFC833",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected."
},
{
"lang": "es",
"value": "El flujo de la contrase\u00f1a de restablecimiento de UAA en Cloud Foundry release versi\u00f3n v236 y anteriores, UAA release versi\u00f3n v3.3.0 y anteriores, todas las versiones de Login-server, UAA release versi\u00f3n v10 y anteriores y Pivotal Elastic Runtime versiones anteriores a 1.7.2, son vulnerables a un ataque de fuerza bruta debido a m\u00faltiples c\u00f3digos activos en un momento dado. Esta vulnerabilidad solo es aplicable cuando usa el almac\u00e9n de usuarios interno de UAA para la autenticaci\u00f3n. Las implementaciones habilitadas para la integraci\u00f3n por medio de SAML o LDAP no est\u00e1n afectadas."
}
],
"id": "CVE-2016-3084",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-25T17:29:00.630",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-3084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-3084"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3191
Vulnerability from fkie_nvd - Published: 2017-05-25 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://pivotal.io/security/cve-2015-3191 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2015-3191 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| pivotal_software | cloud_foundry_elastic_runtime | * | |
| pivotal_software | cloud_foundry_uaa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D648E4CC-C6C7-4C5C-B554-528D4DBDC079",
"versionEndIncluding": "209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6812A0-8836-4F25-9AC1-DB552BC605ED",
"versionEndIncluding": "1.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7981BF0-D4AF-4E06-96DE-725FE2D581A5",
"versionEndIncluding": "2.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected."
},
{
"lang": "es",
"value": "En Cloud Foundry Runtime versiones v209 y anteriores, UAA Standalone versiones 2.2.6 o anteriores y Pivotal Cloud Foundry Runtime, versiones 1.4.5 o anteriores, el formulario change_email en UAA es vulnerable a un ataque de tipo CSFR. Esto permitir\u00eda a un atacante activar un cambio de e-mail para un usuario logado en una instancia de Cloud Foundry a trav\u00e9s de un link malicioso en un site controlado por el atacante. Despliegues habilitados para la integraci\u00f3n a trav\u00e9s de SAML o LDAP no estar\u00edan afectados."
}
],
"id": "CVE-2015-3191",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-25T17:29:00.410",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-3191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2015-3191"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-0715 (GCVE-0-2016-0715)
Vulnerability from cvelistv5 – Published: 2018-09-11 17:00 – Updated: 2024-09-16 16:48
VLAI?
Summary
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Pivotal Cloud Foundry Elastic Runtime |
Affected:
1.4.0 through 1.4.5
Affected: 1.5.0 through 1.5.11 Affected: 1.6.0 through 1.6.11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:03.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-0715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Cloud Foundry Elastic Runtime",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "1.4.0 through 1.4.5"
},
{
"status": "affected",
"version": "1.5.0 through 1.5.11"
},
{
"status": "affected",
"version": "1.6.0 through 1.6.11"
}
]
}
],
"datePublic": "2015-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-0715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2015-01-18T00:00:00",
"ID": "CVE-2016-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Cloud Foundry Elastic Runtime",
"version": {
"version_data": [
{
"version_value": "1.4.0 through 1.4.5"
},
{
"version_value": "1.5.0 through 1.5.11"
},
{
"version_value": "1.6.0 through 1.6.11"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-0715",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-0715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0715",
"datePublished": "2018-09-11T17:00:00Z",
"dateReserved": "2015-12-16T00:00:00",
"dateUpdated": "2024-09-16T16:48:30.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6658 (GCVE-0-2016-6658)
Vulnerability from cvelistv5 – Published: 2018-03-29 22:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-29T21:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-6658",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6658",
"datePublished": "2018-03-29T22:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5171 (GCVE-0-2015-5171)
Vulnerability from cvelistv5 – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
VLAI?
Summary
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:07.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5170-5173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5171",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:07.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5170 (GCVE-0-2015-5170)
Vulnerability from cvelistv5 – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
VLAI?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:07.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"name": "101579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101579"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-27T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"name": "101579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101579"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5170-5173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"name": "101579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101579"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5170",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:07.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5172 (GCVE-0-2015-5172)
Vulnerability from cvelistv5 – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
VLAI?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5170-5173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5172",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:09.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5173 (GCVE-0-2015-5173)
Vulnerability from cvelistv5 – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
VLAI?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:08.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka \"Cross Domain Referer Leakage.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka \"Cross Domain Referer Leakage.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5170-5173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5173",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:08.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4959 (GCVE-0-2017-4959)
Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:47
VLAI?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.
Severity ?
No CVSS data available.
CWE
- Pivotal Cloud Foundry account authorization vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PCF Elastic Runtime |
Affected:
PCF Elastic Runtime
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-4959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Elastic Runtime",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Elastic Runtime"
}
]
}
],
"datePublic": "2017-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Pivotal Cloud Foundry account authorization vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-13T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "96218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-4959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Pivotal Cloud Foundry account authorization vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96218"
},
{
"name": "https://pivotal.io/security/cve-2017-4959",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-4959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-4959",
"datePublished": "2017-06-13T06:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:43.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4955 (GCVE-0-2017-4955)
Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:47
VLAI?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
Severity ?
No CVSS data available.
CWE
- Credentials in Elastic Runtime Notifications errand log
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PCF Elastic Runtime |
Affected:
PCF Elastic Runtime
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-4955"
},
{
"name": "97082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Elastic Runtime",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Elastic Runtime"
}
]
}
],
"datePublic": "2017-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Credentials in Elastic Runtime Notifications errand log",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-13T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-4955"
},
{
"name": "97082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97082"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Credentials in Elastic Runtime Notifications errand log"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2017-4955",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-4955"
},
{
"name": "97082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97082"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-4955",
"datePublished": "2017-06-13T06:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2773 (GCVE-0-2017-2773)
Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:02
VLAI?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue.
Severity ?
No CVSS data available.
CWE
- Unauthenticated JWT signing algorithm in multiple components
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PCF Elastic Runtime |
Affected:
PCF Elastic Runtime
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97135",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97135"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-2773"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Elastic Runtime",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Elastic Runtime"
}
]
}
],
"datePublic": "2017-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an \"Unauthenticated JWT signing algorithm in multiple components\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated JWT signing algorithm in multiple components",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-13T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "97135",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97135"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-2773"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-2773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an \"Unauthenticated JWT signing algorithm in multiple components\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated JWT signing algorithm in multiple components"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97135"
},
{
"name": "https://pivotal.io/security/cve-2017-2773",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-2773"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-2773",
"datePublished": "2017-06-13T06:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:07.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0715 (GCVE-0-2016-0715)
Vulnerability from nvd – Published: 2018-09-11 17:00 – Updated: 2024-09-16 16:48
VLAI?
Summary
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Pivotal Cloud Foundry Elastic Runtime |
Affected:
1.4.0 through 1.4.5
Affected: 1.5.0 through 1.5.11 Affected: 1.6.0 through 1.6.11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:03.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-0715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Cloud Foundry Elastic Runtime",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "1.4.0 through 1.4.5"
},
{
"status": "affected",
"version": "1.5.0 through 1.5.11"
},
{
"status": "affected",
"version": "1.6.0 through 1.6.11"
}
]
}
],
"datePublic": "2015-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-0715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2015-01-18T00:00:00",
"ID": "CVE-2016-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Cloud Foundry Elastic Runtime",
"version": {
"version_data": [
{
"version_value": "1.4.0 through 1.4.5"
},
{
"version_value": "1.5.0 through 1.5.11"
},
{
"version_value": "1.6.0 through 1.6.11"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-0715",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-0715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0715",
"datePublished": "2018-09-11T17:00:00Z",
"dateReserved": "2015-12-16T00:00:00",
"dateUpdated": "2024-09-16T16:48:30.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6658 (GCVE-0-2016-6658)
Vulnerability from nvd – Published: 2018-03-29 22:00 – Updated: 2024-08-06 01:36
VLAI?
Summary
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:29.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-6658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-29T21:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-6658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-6658",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-6658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2016-6658",
"datePublished": "2018-03-29T22:00:00",
"dateReserved": "2016-08-10T00:00:00",
"dateUpdated": "2024-08-06T01:36:29.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5171 (GCVE-0-2015-5171)
Vulnerability from nvd – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
VLAI?
Summary
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:07.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5170-5173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5171",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:07.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5170 (GCVE-0-2015-5170)
Vulnerability from nvd – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
VLAI?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:07.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"name": "101579",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101579"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-27T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"name": "101579",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101579"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5170-5173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"name": "101579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101579"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5170",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:07.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5172 (GCVE-0-2015-5172)
Vulnerability from nvd – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
VLAI?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5170-5173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5172",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:09.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5173 (GCVE-0-2015-5173)
Vulnerability from nvd – Published: 2017-10-24 17:00 – Updated: 2024-08-06 06:41
VLAI?
Summary
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:08.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka \"Cross Domain Referer Leakage.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka \"Cross Domain Referer Leakage.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5170-5173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5170-5173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5173",
"datePublished": "2017-10-24T17:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:08.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4959 (GCVE-0-2017-4959)
Vulnerability from nvd – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:47
VLAI?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.
Severity ?
No CVSS data available.
CWE
- Pivotal Cloud Foundry account authorization vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PCF Elastic Runtime |
Affected:
PCF Elastic Runtime
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:43.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96218",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-4959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Elastic Runtime",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Elastic Runtime"
}
]
}
],
"datePublic": "2017-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Pivotal Cloud Foundry account authorization vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-13T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "96218",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-4959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Pivotal Cloud Foundry account authorization vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96218"
},
{
"name": "https://pivotal.io/security/cve-2017-4959",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-4959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-4959",
"datePublished": "2017-06-13T06:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:43.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4955 (GCVE-0-2017-4955)
Vulnerability from nvd – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:47
VLAI?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
Severity ?
No CVSS data available.
CWE
- Credentials in Elastic Runtime Notifications errand log
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PCF Elastic Runtime |
Affected:
PCF Elastic Runtime
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-4955"
},
{
"name": "97082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Elastic Runtime",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Elastic Runtime"
}
]
}
],
"datePublic": "2017-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Credentials in Elastic Runtime Notifications errand log",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-13T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-4955"
},
{
"name": "97082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97082"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-4955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Credentials in Elastic Runtime Notifications errand log"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2017-4955",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-4955"
},
{
"name": "97082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97082"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-4955",
"datePublished": "2017-06-13T06:00:00",
"dateReserved": "2016-12-29T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2773 (GCVE-0-2017-2773)
Vulnerability from nvd – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:02
VLAI?
Summary
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue.
Severity ?
No CVSS data available.
CWE
- Unauthenticated JWT signing algorithm in multiple components
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PCF Elastic Runtime |
Affected:
PCF Elastic Runtime
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97135",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97135"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2017-2773"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCF Elastic Runtime",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PCF Elastic Runtime"
}
]
}
],
"datePublic": "2017-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an \"Unauthenticated JWT signing algorithm in multiple components\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated JWT signing algorithm in multiple components",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-13T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "97135",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97135"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2017-2773"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-2773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCF Elastic Runtime",
"version": {
"version_data": [
{
"version_value": "PCF Elastic Runtime"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an \"Unauthenticated JWT signing algorithm in multiple components\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated JWT signing algorithm in multiple components"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97135"
},
{
"name": "https://pivotal.io/security/cve-2017-2773",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2017-2773"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-2773",
"datePublished": "2017-06-13T06:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:07.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}