Cross Domain Referer Leakage in Cloud Foundry Runtime and Pivotal Cloud Foundry
CVE-2015-5173

8.8HIGH

What is CVE-2015-5173?

The vulnerability in Cloud Foundry Runtime, UAA, and Pivotal Cloud Foundry allows attackers to potentially exploit email functionality to leak sensitive referral data. This can occur through crafted emails containing password recovery links, which may disclose information across different domains, thus compromising the security of user accounts and cloud resources.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.