Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HCloudfoundry Cloud Foundry Uaa Bosh
APPCloudfoundry≤ 15.0Pivotal Software Cloud Foundry
APPPivotal Software≤ 241Pivotal Software Cloud Foundry Elastic Runtime
APPPivotal Software1.6.01.6.11.6.101.6.111.6.121.6.131.6.141.6.151.6.171.6.181.6.191.6.21.6.201.6.211.6.22+ 45 więcejPivotal Software Cloud Foundry Ops Manager
APPPivotal Software1.7.01.7.11.7.101.7.111.7.121.7.21.7.31.7.41.7.51.7.61.7.71.7.81.7.91.8.0Pivotal Software Cloud Foundry Uaa
APPPivotal Software2.3.02.3.12.4.02.5.12.6.12.7.0.22.7.0.32.7.12.7.22.7.32.7.4.63.0.03.0.13.1.03.2.0+ 6 więcej
Related vulnerabilities
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation e...
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using...
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to...