GHSA-4m8c-h7fr-gq5c

Source
https://github.com/advisories/GHSA-4m8c-h7fr-gq5c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4m8c-h7fr-gq5c/GHSA-4m8c-h7fr-gq5c.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-4m8c-h7fr-gq5c
Aliases
Published
2022-05-13T01:07:27Z
Modified
2024-02-29T00:27:07.272820Z
Severity
  • 9.6 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Cloud Foundry vulnerable to Cross-Site Request Forgery
Details

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.

Database specific
{
    "nvd_published_at": "2016-09-30T00:59:00Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-29T00:01:21Z"
}
References

Affected packages

Maven / org.cloudfoundry.identity:cloudfoundry-identity-server

Package

Name
org.cloudfoundry.identity:cloudfoundry-identity-server
Purl
pkg:maven/org.cloudfoundry.identity/cloudfoundry-identity-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.7.4.7

Maven / org.cloudfoundry.identity:cloudfoundry-identity-server

Package

Name
org.cloudfoundry.identity:cloudfoundry-identity-server
Purl
pkg:maven/org.cloudfoundry.identity/cloudfoundry-identity-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.3.0.5

Affected versions

3.*

3.0.0
3.0.1
3.1.0
3.2.0
3.2.1
3.3.0
3.3.0.1
3.3.0.2
3.3.0.3
3.3.0.4

Maven / org.cloudfoundry.identity:cloudfoundry-identity-server

Package

Name
org.cloudfoundry.identity:cloudfoundry-identity-server
Purl
pkg:maven/org.cloudfoundry.identity/cloudfoundry-identity-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.4.0
Fixed
3.4.4

Affected versions

3.*

3.4.0
3.4.2
3.4.3

Maven / org.cloudfoundry.identity:cloudfoundry-identity-server

Package

Name
org.cloudfoundry.identity:cloudfoundry-identity-server
Purl
pkg:maven/org.cloudfoundry.identity/cloudfoundry-identity-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.5.0
Fixed
3.7.0

Affected versions

3.*

3.5.0
3.6.0