Open Redirect Vulnerability in Pivotal Cloud Foundry by Pivotal
CVE-2015-3190
6.1 MEDIUM
What is CVE-2015-3190?
The UAA logout link in earlier versions of Cloud Foundry Runtime and UAA Standalone is vulnerable to an open redirect. By manipulating the redirect parameter, an attacker can send users to a malicious webpage, potentially leading to phishing attacks or further compromise of user data. This puts users at risk and undermines trust in the affected products.
Affected Version(s)
Cloud Foundry Runtime cf-release versions v209 or earlier
Cloud Foundry UAA Standalone versions 2.2.6 or earlier
Cloud Foundry Runtime 1.4.5 or earlier
