PT-2017-6820 · Pivotal+1 · Pivotal Cloud Foundry (Pcf) Elastic Runtime+2

Publicado

2016-05-02

·

Atualizado

2022-05-13

·

CVE-2015-5170

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Cloud Foundry Runtime versions prior to 216 UAA versions prior to 2.5.2 Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0
Description The issue allows remote attackers to conduct cross-site request forgery (CSRF) attacks, potentially logging a user into an arbitrary account by leveraging the lack of CSRF checks. Additionally, it may have an unspecified impact due to the failure to expire password reset links and existing sessions.
Recommendations For Cloud Foundry Runtime versions prior to 216, update to version 216 or later to resolve the issue. For UAA versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue. For Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue.

Correção

Insufficient Session Expiration

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-640CWE-613CWE-352

Identificadores relacionados

BDU:2018-00144
BDU:2018-00145
CVE-2015-5170
GHSA-CQ6M-74R4-X77G
GHSA-H533-Q6JC-QX28
GHSA-MPV3-G527-FQRJ

Produtos afetados

Cloud Foundry Runtime
Pivotal Cloud Foundry (Pcf) Elastic Runtime
Uaa