Vulnerability Description
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudfoundry | Cf-Release | < 216 |
| Pivotal Software | Cloud Foundry Elastic Runtime | < 1.7.0 |
| Pivotal Software | Cloud Foundry Uaa | < 2.5.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101579 (Third Party Advisory, VDB Entry)
- https://pivotal.io/security/cve-2015-5170-5173 (Vendor Advisory)
FAQ
What is CVE-2015-5170?
CVE-2015-5170 is a vulnerability with a CVSS score of 8.8 (HIGH). Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks ...
How severe is CVE-2015-5170?
CVE-2015-5170 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-5170?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Cf-Release, Pivotal Software Cloud Foundry Elastic Runtime, Pivotal Software Cloud Foundry Uaa.