First published: Tue Oct 24 2017(Updated: )
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cloudfoundry Cf-release | <216 | |
Pivotal Software Cloud Foundry Elastic Runtime | <1.7.0 | |
Pivotal Software Cloud Foundry Uaa | <2.5.2 | |
maven/org.cloudfoundry.identity:cloudfoundry-identity-server | <2.5.2 | 2.5.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.