Open Redirect Vulnerability in Cloud Foundry Router and cf-release
CVE-2017-8047

6.1 MEDIUM

What is CVE-2017-8047?

The affected versions of Cloud Foundry Router and cf-release contain a flaw that lets attackers manipulate URLs. By appending specific combinations of characters to a URL, an attacker can trigger an open redirect, potentially leading to phishing attacks that compromise user credentials and sensitive data. While version 274 addresses the vulnerability, it introduces a significant bug that was later rectified in version 275.

Affected Version(s)

Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved