Описание
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 209 (включая)Версия до 1.4.5 (включая)Версия до 2.2.6 (включая)
Одно из
cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00197
Низкий
6.1 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-601
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.
EPSS
Процентиль: 42%
0.00197
Низкий
6.1 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-601