Description
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
Remediation
References
https://pivotal.io/security/cve-2015-5170-5173
Related Vulnerabilities
CVE-2023-24441 Vulnerability in maven package org.jvnet.hudson.plugins:mstest
CVE-2023-25500 Vulnerability in maven package com.vaadin:vaadin
CVE-2018-1192 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2019-10397 Vulnerability in maven package org.jenkins-ci.plugins:aqua-serverless