Description

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.

Remediation

References

https://pivotal.io/security/cve-2016-5016

https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3

https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3

https://github.com/cloudfoundry/uaa/releases/tag/3.4.2

https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3

https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6

https://github.com/cloudfoundry/cf-release/releases/tag/v240

Related Vulnerabilities

CVE-2022-34201 Vulnerability in maven package com.convertigo.jenkins.plugins:convertigo-mobile-platform

CVE-2019-10354 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-3442 Vulnerability in maven package io.jenkins.plugins:servicenow-devops

CVE-2022-25901 Vulnerability in maven package org.webjars.npm:cookiejar

CVE-2019-8331 Vulnerability in npm package bootstrap

Severity

Medium

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory Release Notes Third Party Advisory