PT-2017-6820 · Pivotal+1 · Pivotal Cloud Foundry (Pcf) Elastic Runtime+2
Published
2016-05-02
·
Updated
2022-05-13
·
CVE-2015-5170
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cloud Foundry Runtime versions prior to 216
UAA versions prior to 2.5.2
Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0
Description
The issue allows remote attackers to conduct cross-site request forgery (CSRF) attacks, potentially logging a user into an arbitrary account by leveraging the lack of CSRF checks. Additionally, it may have an unspecified impact due to the failure to expire password reset links and existing sessions.
Recommendations
For Cloud Foundry Runtime versions prior to 216, update to version 216 or later to resolve the issue.
For UAA versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue.
For Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue.
Fix
Insufficient Session Expiration
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cloud Foundry Runtime
Pivotal Cloud Foundry (Pcf) Elastic Runtime
Uaa