Password Reset Link Vulnerability in Cloud Foundry Runtime and Pivotal Software
CVE-2015-5172

9.8CRITICAL

What is CVE-2015-5172?

A vulnerability exists in Cloud Foundry Runtime, UAA, and Pivotal Cloud Foundry Elastic Runtime that permits attackers to exploit unexpired password reset links, potentially allowing unauthorized access or actions within the affected systems. The vulnerability underscores the importance of implementing secure practices for handling password reset links, ensuring that they expire after use to mitigate potential security risks.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.