An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCloudfoundry Cf Release
APPCloudfoundry204205206207208209210211212213214215217218219+ 13 więcejCloudfoundry Routing Release
APPCloudfoundry≤ 0.141.0
Related vulnerabilities
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using...
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-...
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x version...