An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/cve-2016-8218/ | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: dell
Published: 2017-06-13T06:00:00
Updated: 2017-06-13T05:57:01
Reserved: 2016-09-13T00:00:00
Link: CVE-2016-8218
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-06-13T06:29:00.237
Modified: 2017-11-08T12:57:41.063
Link: CVE-2016-8218
JSON object: View
Redhat Information
No data.
CWE