Description

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.

Remediation

References

https://pivotal.io/security/cve-2015-5170-5173

Related Vulnerabilities

CVE-2023-24441 Vulnerability in maven package org.jvnet.hudson.plugins:mstest

CVE-2023-25500 Vulnerability in maven package com.vaadin:vaadin

CVE-2018-1192 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa

CVE-2019-10397 Vulnerability in maven package org.jenkins-ci.plugins:aqua-serverless

CVE-2019-1003068 Vulnerability in maven package com.inkysea.vmware.vra:vmware-vrealize-automation-plugin

Severity

Critical

Classification

CWE-613 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory