Cross-Site Scripting Vulnerability in Cloud Foundry and Related Products by Pivotal
CVE-2016-0781

6.1 MEDIUM

Key Information:

Vendor: Pivotal
CVE Published: 25 May 2017

What is CVE-2016-0781?

Certain versions of Cloud Foundry and related Pivotal products are vulnerable to cross-site scripting (XSS). The vulnerability arises when malicious JavaScript code is injected into OAuth scopes or SCIM group descriptions, allowing attackers to craft authentication requests that compromise user data and session integrity.

Affected Version(s)

Cloud Foundry v208 to v231

Cloud Foundry Login-server v1.6 to v1.14

Cloud Foundry UAA v2.0.0 to v2.7.4.1

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
