PT-2017-18076 · Cloud Foundry Foundation · Cf-Release+1

Published 2017-11-27 · Updated 2022-05-13 · CVE-2017-8031

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cloud Foundry Foundation cf-release versions prior to v279
UAA versions prior to 30.6 in the 30.x range
UAA versions prior to 45.4 in the 45.x range
UAA versions prior to 52.1 in the 52.x range

Description

The issue allows an authenticated user for a particular client to revoke client tokens for other users on the same client, potentially causing denial of service. This occurs when the client is using opaque tokens or JWT tokens validated using the check token endpoint.

Recommendations

For Cloud Foundry Foundation cf-release versions prior to v279, update to version v279 or later.
For UAA 30.x versions prior to 30.6, update to version 30.6 or later.
For UAA 45.x versions prior to 45.4, update to version 45.4 or later.
For UAA 52.x versions prior to 52.1, update to version 52.1 or later.

Fix

Related identifiers

CVE-2017-8031
GHSA-J4P3-2M2H-CV5F

Affected products

Uaa
Cf-Release