Open Redirect Vulnerability in Pivotal Cloud Foundry by Pivotal
CVE-2015-3190

6.1 MEDIUM

Key Information:

Vendor: Pivotal

CVE Published: 25 May 2017

What is CVE-2015-3190?

The UAA logout link in earlier versions of Cloud Foundry Runtime and UAA Standalone accepts an attacker-controlled redirect parameter. By manipulating that parameter, an attacker can send users who follow the logout link to a malicious webpage, potentially enabling phishing or further compromise of user data. This puts users at risk and undermines trust in the affected products.
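Added example, not Cloud Foundry or UAA code: a defender-side validator for a post-logout redirect parameter, showing how an exact-origin allow-list closes the open redirect described above, including protocol-relative, userinfo and lookalike-host variants. The allowed origins, default page and function names are constructed for this example.

```python
from urllib.parse import urlsplit

# Constructed allow-list for this example: the only origins a post-logout
# redirect may point to. A real deployment would load this from configuration.
ALLOWED_ORIGINS = {"https://portal.example.com", "https://app.example.com"}
DEFAULT_REDIRECT = "https://portal.example.com/login"

# Characters browsers strip or normalise ("\\" is treated as "/"), so a value
# containing them must never be trusted on the basis of its parsed form.
FORBIDDEN_CHARS = set("\\\t\r\n ")


def check_redirect(requested, allowed=ALLOWED_ORIGINS):
    """Classify a redirect value. Returns (ok, reason); reason is log-friendly."""
    if not requested:
        return False, "empty"
    if any(c in FORBIDDEN_CHARS for c in requested):
        return False, "forbidden-character"
    parts = urlsplit(requested)
    # Protocol-relative "//evil.example/..." parses with an empty scheme, and
    # "javascript:" / "data:" schemes are never acceptable redirect targets.
    if parts.scheme != "https":
        return False, f"scheme={parts.scheme or '<none>'}"
    # Compare the whole netloc: userinfo tricks such as
    # "https://portal.example.com@evil.example/" and lookalike hosts such as
    # "portal.example.com.evil.example" both fail an exact-origin match.
    origin = f"{parts.scheme}://{parts.netloc.lower()}"
    if origin not in allowed:
        return False, f"origin-not-allowed:{origin}"
    return True, "allowed"


def safe_logout_redirect(requested, allowed=ALLOWED_ORIGINS, default=DEFAULT_REDIRECT):
    """Return the URL to send the user to after logout, or a fixed fallback."""
    ok, reason = check_redirect(requested, allowed)
    if not ok:
        # Rejections are worth logging: a burst of them from one client is a
        # cheap detection signal that the logout redirect is being probed.
        print(f"logout redirect rejected ({reason}): {requested!r}")
        return default
    return requested


if __name__ == "__main__":
    for candidate in [  # constructed sample values
        "https://app.example.com/dashboard?tab=1",
        "https://evil.example/landing",
        "//evil.example/landing",
        "https://portal.example.com@evil.example/",
    ]:
        print(candidate, "->", safe_logout_redirect(candidate))
```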

Affected Version(s)

Cloud Foundry Runtime cf-release versions v209 or earlier

Cloud Foundry UAA Standalone versions 2.2.6 or earlier

Cloud Foundry Runtime 1.4.5 or earlier


CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
