CVE-2016-8218: Input Validation
First published: Tue Jun 13 2017(Updated: )
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloud Foundry CF Release | <=203 | |
| Cloud Foundry CF Release | =204 | |
| Cloud Foundry CF Release | =205 | |
| Cloud Foundry CF Release | =206 | |
| Cloud Foundry CF Release | =207 | |
| Cloud Foundry CF Release | =208 | |
| Cloud Foundry CF Release | =209 | |
| Cloud Foundry CF Release | =210 | |
| Cloud Foundry CF Release | =211 | |
| Cloud Foundry CF Release | =212 | |
| Cloud Foundry CF Release | =213 | |
| Cloud Foundry CF Release | =214 | |
| Cloud Foundry CF Release | =215 | |
| Cloud Foundry CF Release | =217 | |
| Cloud Foundry CF Release | =218 | |
| Cloud Foundry CF Release | =219 | |
| Cloud Foundry CF Release | =220 | |
| Cloud Foundry CF Release | =221 | |
| Cloud Foundry CF Release | =222 | |
| Cloud Foundry CF Release | =223 | |
| Cloud Foundry CF Release | =224 | |
| Cloud Foundry CF Release | =225 | |
| Cloud Foundry CF Release | =226 | |
| Cloud Foundry CF Release | =227 | |
| Cloud Foundry CF Release | =228 | |
| Cloud Foundry CF Release | =229 | |
| Cloud Foundry CF Release | =230 | |
| Cloud Foundry CF Release | =231 | |
| Pivotal Cloud Foundry Routing Release | <=0.141.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-8218?
CVE-2016-8218 is considered a high severity vulnerability due to its potential for user impersonation.
How do I fix CVE-2016-8218?
To fix CVE-2016-8218, upgrade to routing-release version 0.142.0 or higher, or cf-release version 232 or later.
Which versions are affected by CVE-2016-8218?
CVE-2016-8218 affects Cloud Foundry routing-release versions prior to 0.142.0 and cf-release versions 203 to 231.
What kind of attack does CVE-2016-8218 allow?
CVE-2016-8218 allows unprivileged attackers to impersonate other users to the routing API due to incomplete validation logic in JWT libraries.
Is CVE-2016-8218 easily exploitable?
Yes, CVE-2016-8218 can be exploited relatively easily by attackers who can create a valid JWT.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cloudfoundry
- canonical/cloud foundry cf release
- version/cloud foundry cf release/203
- version/cloud foundry cf release/204
- version/cloud foundry cf release/205
- version/cloud foundry cf release/206
- version/cloud foundry cf release/207
- version/cloud foundry cf release/208
- version/cloud foundry cf release/209
- version/cloud foundry cf release/210
- version/cloud foundry cf release/211
- version/cloud foundry cf release/212
- version/cloud foundry cf release/213
- version/cloud foundry cf release/214
- version/cloud foundry cf release/215
- version/cloud foundry cf release/217
- version/cloud foundry cf release/218
- version/cloud foundry cf release/219
- version/cloud foundry cf release/220
- version/cloud foundry cf release/221
- version/cloud foundry cf release/222
- version/cloud foundry cf release/223
- version/cloud foundry cf release/224
- version/cloud foundry cf release/225
- version/cloud foundry cf release/226
- version/cloud foundry cf release/227
- version/cloud foundry cf release/228
- version/cloud foundry cf release/229
- version/cloud foundry cf release/230
- version/cloud foundry cf release/231
- canonical/pivotal cloud foundry routing release
- version/pivotal cloud foundry routing release/0.141.0