Vulnerabilites related to cloudfoundry - uaa-release
Vulnerability from fkie_nvd
Published
2017-09-07 13:29
Modified
2024-11-21 02:42
Severity ?
Summary
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://pivotal.io/security/cve-2016-0732 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2016-0732 | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6351C26-3E4F-4783-AC20-13076FDFD898",
"versionEndIncluding": "229",
"versionStartIncluding": "208",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAB232F-1FA4-4C5E-B302-68065DBA7510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FEA25C-11C6-495C-84B6-EC8EDE0A5250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D69110C2-044B-4EFE-B947-7E7FF382B110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "62C001BE-9484-4AC9-9A03-890CD70A5DC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3E5A61-D13E-427F-AD00-F86ECD567318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49D09957-D01C-4914-A05F-B5F242DAD261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86766366-895E-4AEB-B5B0-E8181109EF39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6C0EDADC-A658-4776-91C0-07DF44792356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC9EBE9-D869-4CAF-B4AD-F5F36EA040D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65E7C154-AB1D-4190-8C28-50355A6AC0B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4ABB4CA3-B087-480F-BF3F-AE3FAEC4241F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AF5FCE-D03F-4642-A266-F7F4F2577F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF0C1DC-E17B-41F2-B537-FD8950371064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "814FB6AA-4325-4AE6-9F92-01037EBE16EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BAACFFD2-AD71-4812-883A-7E27ECD79945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2745C09B-1A58-47AA-99CF-7860CB3F9FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD6D54E-2336-4F94-B336-390123A3D2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75994E15-A991-4336-85FC-10CBAE5C69E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73193F21-2BD0-4481-9EBF-458984F1FC23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9CBD2130-EB88-4988-8995-CAC28710F3D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04FCBE2B-A0DD-475C-94C6-01B365FA8705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA1F712-56A8-4EEF-9220-7F047423611A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78D7CE72-75BD-477B-A75D-8E0F8DB7678D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EC83A4-6CD0-4575-B504-0E4839DFF2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BCBA7C49-82DC-42E6-BA32-624DCC91EE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F976310D-C749-4664-8AA4-548D23C39BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52F58109-88F6-476D-B08A-801EC0A69BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "484046E8-4048-4397-B391-AFB7EF38993C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "905F3804-FAE0-4940-83D3-591A55A0B325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC27E1DD-648A-4FFC-8F4C-B3826329AC9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F50475-6C2B-4DEF-90B1-AEFACF6954F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CEB468C-0748-4838-AD9E-ECF9B920B19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "09DC2E28-7D43-4323-A522-7FFEACB5E88A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:uaa-release:2:*:*:*:*:*:*:*",
"matchCriteriaId": "8703E628-1ECE-4CA2-8003-DC902E920EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:uaa-release:3:*:*:*:*:*:*:*",
"matchCriteriaId": "770AFCA5-A1FA-4CB6-98BF-A226D4DF429A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:uaa-release:4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6047B3-346D-4809-B713-9513935D5783",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D5416C8-AB64-4BC5-B1FE-5C08F7D5AF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "459E7CBD-AF09-43F8-B224-6BF8BB4D396E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4BB9CD-3D23-4CC1-AEFA-19CADB24EFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1D43E8-A4E8-4D5E-B482-B301BAC99846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A0057F-FE6D-450B-83BF-00BB9D9DFCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A1763BC-6CD0-4AAE-BAA0-BE5F21EC7EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3E18E06E-FF5F-431D-A613-99FE7130BCD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B04F41B2-E70D-4D5E-AB1E-2595A16AF3BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "38F08EF3-A4A2-423E-A4B8-486220716DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "08D63E00-1DE1-4F76-A7E4-43BA0D643682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA097B-09DC-40A8-9353-A3BF45AF3A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3D149DEB-8FDB-42B3-A748-0A966D82DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "77ECF4F7-BF73-46D8-AC12-300135C1FC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:elastic_runtime:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E827400C-F2C5-455E-8347-CD3628CACBCA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors."
},
{
"lang": "es",
"value": "La caracter\u00edstica de zonas de identidad en Pivotal Cloud Foundry 208 a 229; UAA 2.0.0 a 2.7.3 y 3.0.0; UAA-Release 2 hasta la 4, cuando se configura con m\u00faltiples zonas de identidad; y Elastic Runtime 1.6.0 hasta la 1.6.13 permite que los usuarios remotos autenticados con privilegios en una zona obtengan privilegios y realicen operaciones en una zona diferente mediante vectores no especificados."
}
],
"id": "CVE-2016-0732",
"lastModified": "2024-11-21T02:42:16.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-07T13:29:00.293",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2016-0732"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-27 10:29
Modified
2024-11-21 03:33
Severity ?
Summary
An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/101967 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://www.cloudfoundry.org/cve-2017-8031/ | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101967 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cloudfoundry.org/cve-2017-8031/ | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudfoundry | cf-release | * | |
| cloudfoundry | uaa-release | * | |
| cloudfoundry | uaa-release | * | |
| cloudfoundry | uaa-release | 52 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE35B61-A146-432F-80F9-BCB030184FB0",
"versionEndIncluding": "278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:uaa-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "722E4FAD-80A1-4705-86FF-A10933424862",
"versionEndExcluding": "30.6",
"versionStartIncluding": "30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:uaa-release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8052FE7-3370-4227-8970-36BABECDADD8",
"versionEndExcluding": "45.4",
"versionStartIncluding": "45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudfoundry:uaa-release:52:*:*:*:*:*:*:*",
"matchCriteriaId": "591ACEBD-5EA8-4856-B42E-268CD0C0E8B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Cloud Foundry Foundation cf-release (todas las versiones anteriores a v279) y UAA (versiones 30.x anteriores a la 30.6; versiones 45.x anteriores a la 45.4 y versiones 52.x anteriores a la 52.1). En algunos casos, UAA permite que un usuario autenticado para un cliente particular revoque tokens de cliente para otros usuarios en el mismo cliente. Esto solo ocurre si el cliente est\u00e1 usando tokens opacos o tokens JWT validados empleando el extremo check_token. Un actor malicioso podr\u00eda provocar una denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2017-8031",
"lastModified": "2024-11-21T03:33:11.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T10:29:00.767",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101967"
},
{
"source": "security_alert@emc.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.cloudfoundry.org/cve-2017-8031/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.cloudfoundry.org/cve-2017-8031/"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2017-8031
Vulnerability from cvelistv5
Published
2017-11-27 10:00
Modified
2024-08-05 16:19
Severity ?
EPSS score ?
Summary
An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cloudfoundry.org/cve-2017-8031/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101967 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | cf-release and UAA cf-release: All versions prior to v279, UAA: 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1 |
Version: cf-release and UAA cf-release: All versions prior to v279, UAA: 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/cve-2017-8031/"
},
{
"name": "101967",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101967"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cf-release and UAA cf-release: All versions prior to v279, UAA: 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "cf-release and UAA cf-release: All versions prior to v279, UAA: 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-29T10:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/cve-2017-8031/"
},
{
"name": "101967",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101967"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cf-release and UAA cf-release: All versions prior to v279, UAA: 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1",
"version": {
"version_data": [
{
"version_value": "cf-release and UAA cf-release: All versions prior to v279, UAA: 30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/cve-2017-8031/",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/cve-2017-8031/"
},
{
"name": "101967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101967"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2017-8031",
"datePublished": "2017-11-27T10:00:00",
"dateReserved": "2017-04-21T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0732
Vulnerability from cvelistv5
Published
2017-09-07 13:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2016-0732 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:03.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2016-0732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2016-0732"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2016-0732",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-0732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0732",
"datePublished": "2017-09-07T13:00:00",
"dateReserved": "2015-12-16T00:00:00",
"dateUpdated": "2024-08-05T22:30:03.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}