CVE-2015-5172

CRITICAL9.8EPSS 0.40%

Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password

Published: 5/13/2022Modified: 2/28/2024

Description

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

Affected packages (1)

Maven/org.cloudfoundry.identity:cloudfoundry-identity-serverfrom 0, < 2.5.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-5172
PATCHhttps://github.com/cloudfoundry/uaa
WEBhttps://github.com/cloudfoundry/uaa/commit/cd31cc397fe17389d95b83d6a9caa46eebc54faf
WEBhttps://pivotal.io/security/cve-2015-5170-5173