CRITICAL🇵🇱 Wersja polska

CVE-2016-8218

CVSS 9.8v3.0pub. 2017-06-13upd. 2026-05-13

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cloudfoundry Cf Release

    APP
    Cloudfoundry
    204205206207208209210211212213214215217218219+ 13 więcej
  • Cloudfoundry Routing Release

    APP
    Cloudfoundry
    ≤ 0.141.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2016-6658CRITICAL9.6ten sam produkt

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using...

CVE-2015-5172CRITICAL9.8ten sam produkt

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...

CVE-2015-5171CRITICAL9.8ten sam produkt

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...

CVE-2016-6655CRITICAL9.8ten sam produkt

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-...

CVE-2017-4992CRITICAL9.8ten sam produkt

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x version...