An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPivotal Software Cloud Foundry Elastic Runtime
APPPivotal Software1.6.01.6.11.6.101.6.111.6.121.6.131.6.141.6.151.6.161.6.171.6.181.6.191.6.21.6.201.6.21+ 85 więcej
Powiązane podatności
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using...
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to...
Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contai...