Password Reset Link Vulnerability in Pivotal Cloud Foundry Runtime Products
CVE-2015-3189
3.7 LOW
What is CVE-2015-3189?
In affected versions of the Pivotal Cloud Foundry Runtime and UAA Standalone, old password reset links are not invalidated when a user updates their email address. The risk is that a reset link issued before the address change remains usable afterwards, so anyone who obtains the stale link could redeem it against the account. The issue only arises when the UAA internal user store is used for authentication; deployments using SAML or LDAP for authentication are not affected.
Affected Version(s)
Cloud Foundry Runtime cf-release versions v208 or earlier
Cloud Foundry UAA Standalone versions 2.2.5 or earlier
Cloud Foundry Runtime 1.4.5 or earlier
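The following is an added illustration, not UAA or Pivotal code: a minimal reset-token store where `revoke_on_email_change=False` reproduces the failure mode described above (a code issued before an email change is still accepted) and `True` shows the expected fix of invalidating every outstanding code for the user when their email changes. User IDs, emails and the in-memory store are constructed for the example.

```python
# Added example (not UAA's implementation): password-reset codes that
# survive an email change versus codes revoked when the email changes.
import secrets
import time


class ResetStore:
    """In-memory store of users and password-reset codes."""

    def __init__(self, revoke_on_email_change: bool, ttl_seconds: int = 3600):
        self.revoke_on_email_change = revoke_on_email_change
        self.ttl_seconds = ttl_seconds
        self.users = {}   # user_id -> current email (constructed data)
        self.tokens = {}  # reset code -> (user_id, expiry timestamp)

    def add_user(self, user_id: str, email: str) -> None:
        self.users[user_id] = email

    def issue(self, user_id: str) -> str:
        # Unguessable single-use code bound to the user, with an expiry.
        code = secrets.token_urlsafe(32)
        self.tokens[code] = (user_id, time.time() + self.ttl_seconds)
        return code

    def change_email(self, user_id: str, new_email: str) -> None:
        self.users[user_id] = new_email
        if self.revoke_on_email_change:
            # Fixed behaviour: drop every outstanding code for this user so a
            # link sent to the old address can no longer be redeemed.
            self.tokens = {c: t for c, t in self.tokens.items() if t[0] != user_id}

    def redeem(self, code: str):
        """Return the user_id if the code is valid, else None. Codes are single-use."""
        entry = self.tokens.pop(code, None)
        if entry is None:
            return None
        user_id, expiry = entry
        if time.time() > expiry:
            return None
        return user_id


def reset_after_email_change(revoke_on_email_change: bool):
    """Issue a code, change the user's email, then try to redeem the old code."""
    store = ResetStore(revoke_on_email_change)
    store.add_user("user-1", "old@example.test")
    code = store.issue("user-1")
    store.change_email("user-1", "new@example.test")
    return store.redeem(code)  # "user-1" when vulnerable, None when fixed
```

`reset_after_email_change(False)` returns `"user-1"`, showing the stale link still works; with `True` it returns `None`.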
