CSRF Vulnerability in UAA Standalone and Cloud Foundry Runtime Products
CVE-2015-3191
8.8 HIGH
What is CVE-2015-3191?
The change_email form in UAA for Cloud Foundry Runtime and UAA Standalone products is susceptible to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this vulnerability by luring a logged-in user to a malicious link hosted on an attacker-controlled site that submits the form on the user's behalf, changing the user's email address. This issue specifically affects configurations that use the UAA internal user store for authentication; deployments that authenticate through SAML or LDAP integration remain unaffected.
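To make the vulnerability class and its fix concrete, the following is an added illustration and not code from UAA or Cloud Foundry: a minimal email-change handler in the vulnerable style (it trusts any POST that arrives with the session cookie) next to a hardened version that applies the synchronizer token pattern and an Origin/Referer check. The session and request shapes, the `_csrf` field name and the `https://uaa.example.com` origin are assumptions made for this example.

```python
import hmac
import secrets

# Constructed, simplified session/request model for the example; not UAA's internal API.
ALLOWED_ORIGINS = {"https://uaa.example.com"}  # hypothetical host serving the form


def new_session(user_email: str) -> dict:
    """Server-side session carrying a per-session CSRF token (synchronizer token pattern)."""
    return {"user": user_email, "csrf_token": secrets.token_urlsafe(32)}


def render_change_email_form(session: dict) -> str:
    """Embed the session's token as a hidden field: a page on another origin cannot read it,
    so a cross-site form submission cannot include the correct value."""
    return (
        '<form method="POST" action="/change_email">'
        f'<input type="hidden" name="_csrf" value="{session["csrf_token"]}">'
        '<input name="newEmail"><button>Change</button></form>'
    )


def _origin_allowed(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) matches our own site."""
    origin = headers.get("Origin") or headers.get("Referer", "")
    return any(origin == o or origin.startswith(o + "/") for o in ALLOWED_ORIGINS)


def change_email_unprotected(session: dict, request: dict) -> tuple:
    """Vulnerable pattern (the CVE-2015-3191 class of bug): any POST that carries the
    victim's session cookie is honoured, whichever site the request came from."""
    if request["method"] != "POST":
        return (405, "method not allowed")
    session["user"] = request["form"]["newEmail"]
    return (200, "email changed")


def change_email_protected(session: dict, request: dict) -> tuple:
    """Hardened handler: reject cross-origin requests, then require the per-session token,
    compared in constant time."""
    if request["method"] != "POST":
        return (405, "method not allowed")
    if not _origin_allowed(request["headers"]):
        return (403, "cross-origin request rejected")
    submitted = request["form"].get("_csrf", "")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return (403, "missing or invalid CSRF token")
    session["user"] = request["form"]["newEmail"]
    return (200, "email changed")


def demo() -> dict:
    """Run both handlers against a legitimate submission and a constructed cross-site one."""
    session = new_session("alice@example.com")
    legitimate = {
        "method": "POST",
        "headers": {"Origin": "https://uaa.example.com"},
        "form": {"_csrf": session["csrf_token"], "newEmail": "alice.new@example.com"},
    }
    cross_site = {  # constructed: a POST auto-submitted from a page on another origin
        "method": "POST",
        "headers": {"Origin": "https://not-uaa.example"},
        "form": {"newEmail": "unwanted@example.com"},
    }
    return {
        "unprotected_cross_site": change_email_unprotected(dict(session), cross_site)[0],
        "protected_cross_site": change_email_protected(dict(session), cross_site)[0],
        "protected_legitimate": change_email_protected(dict(session), legitimate)[0],
    }


if __name__ == "__main__":
    print(demo())  # {'unprotected_cross_site': 200, 'protected_cross_site': 403, 'protected_legitimate': 200}
```

Both checks matter: the Origin/Referer test stops the cross-site request early and is cheap, while the token is what actually ties the submission to a form the user was served, so a missing or stale token is rejected even when the headers look right. The token must be per session (or per form) and compared with a constant-time function, as above.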
Affected Version(s)
Cloud Foundry Runtime cf-release versions v209 or earlier
Cloud Foundry UAA Standalone versions 2.2.6 or earlier
Cloud Foundry Runtime 1.4.5 or earlier
