First published: Tue Oct 24 2017(Updated: )
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cloudfoundry Cf-release | <216 | |
Pivotal Software Cloud Foundry Elastic Runtime | <1.7.0 | |
Pivotal Software Cloud Foundry Uaa | <2.5.2 | |
maven/org.cloudfoundry.identity:cloudfoundry-identity-server | <2.5.2 | 2.5.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.