GHSA-47fq-mm42-6v8w

Published: May 13, 2022
Source: github
Github: Not reviewed
CVSS3: 6.6

Description

The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges.
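The following is an added illustration, not code from the advisory or from Cloud Foundry: it contrasts a token check that stops at the signature with one that also pins the `iss` claim. It assumes HS256, a single key under which tokens from two zones both verify, and constructed issuer URLs; all names in it are hypothetical.

```ruby
require 'openssl'
require 'json'

# Constructed demo values (assumptions, not taken from the advisory).
SIGNING_KEY       = 'constructed-demo-key'
EXPECTED_ISSUER   = 'https://uaa.example.test/oauth/token'
OTHER_ZONE_ISSUER = 'https://zone-b.uaa.example.test/oauth/token'

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  padded = text.tr('-_', '+/') + '=' * ((4 - text.size % 4) % 4)
  padded.unpack1('m0') # strict decode, raises ArgumentError on bad input
end

def sign(segment)
  b64url(OpenSSL::HMAC.digest('SHA256', SIGNING_KEY, segment))
end

# Helper for the demo: mint an HS256 token carrying the given claims.
def mint(claims)
  body = [{ alg: 'HS256', typ: 'JWT' }, claims].map { |p| b64url(JSON.generate(p)) }.join('.')
  "#{body}.#{sign(body)}"
end

# Returns the claims hash when the signature and header are valid, else nil.
def verified_claims(token)
  parts = token.split('.')
  return nil unless parts.size == 3
  return nil unless OpenSSL.secure_compare(sign(parts[0..1].join('.')), parts[2])
  header, claims = parts[0..1].map { |p| JSON.parse(b64url_decode(p)) }
  header.is_a?(Hash) && header['alg'] == 'HS256' && claims.is_a?(Hash) ? claims : nil
rescue JSON::ParserError, ArgumentError
  nil
end

# Signature-only acceptance: any validly signed token passes, whatever its issuer.
def accept_signature_only?(token)
  !verified_claims(token).nil?
end

# Hardened acceptance: the signature must verify AND the issuer must match exactly.
def accept_with_issuer_check?(token)
  claims = verified_claims(token)
  !claims.nil? && claims['iss'] == EXPECTED_ISSUER
end
```

Under these assumptions, a token minted with `OTHER_ZONE_ISSUER` passes `accept_signature_only?` but is rejected by `accept_with_issuer_check?`.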

EPSS

Percentile: 64%
0.00472
Low

6.6 Medium

CVSS3

Weaknesses

CWE-565

Related vulnerabilities

CVSS3: 6.6
nvd
more than 8 years ago
