PT-2017-7649 · Pivotal · Pivotal Cloud Foundry+3
Published: 2017-09-07 · Updated: 2021-09-09 · CVE-2016-0732
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Pivotal Cloud Foundry versions 208 through 229
UAA versions 2.0.0 through 2.7.3 and 3.0.0
UAA-Release versions 2 through 4
Elastic Runtime versions 1.6.0 through 1.6.13
Description
The identity zones feature in the affected software, when configured with multiple identity zones, allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.
Recommendations
For Pivotal Cloud Foundry versions 208 through 229, update to a version outside of this range to resolve the issue.
For UAA versions 2.0.0 through 2.7.3 and 3.0.0, update to a version outside of this range to resolve the issue.
For UAA-Release versions 2 through 4, update to a version outside of this range to resolve the issue.
For Elastic Runtime versions 1.6.0 through 1.6.13, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to the identity zones feature until a patch is available.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Runtime
Pivotal Cloud Foundry
Uaa
Uaa-Release