CVE-2016-8218

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.
References
Link Resource
https://www.cloudfoundry.org/cve-2016-8218/ Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:204:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:205:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:206:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:207:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:208:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:209:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:210:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:211:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:212:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:213:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:214:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:215:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:217:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:218:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:219:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:220:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:221:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:222:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:223:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:224:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:225:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:226:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:227:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:228:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:229:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:230:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:cf-release:231:*:*:*:*:*:*:*
cpe:2.3:a:cloudfoundry:routing-release:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-06-13 06:29

Updated : 2024-02-04 19:29


NVD link : CVE-2016-8218

Mitre link : CVE-2016-8218

CVE.ORG link : CVE-2016-8218


JSON object : View

Products Affected

cloudfoundry

  • routing-release
  • cf-release
CWE
CWE-20

Improper Input Validation