CVE-2015-5172

CRITICAL9.8EPSS 0.40%

Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password

發布日:2022/5/13修改日:2024/2/28

描述

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

受影響套件(1)

Maven/org.cloudfoundry.identity:cloudfoundry-identity-serverfrom 0, < 2.5.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-5172
PATCHhttps://github.com/cloudfoundry/uaa
WEBhttps://github.com/cloudfoundry/uaa/commit/cd31cc397fe17389d95b83d6a9caa46eebc54faf
WEBhttps://pivotal.io/security/cve-2015-5170-5173