An issue exists in Cloud Foundry Foundation routing-release versions before 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged malicious users to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cloudfoundry cf-release 204 |
||
cloudfoundry cf-release 206 |
||
cloudfoundry cf-release 211 |
||
cloudfoundry cf-release 207 |
||
cloudfoundry cf-release 208 |
||
cloudfoundry cf-release 209 |
||
cloudfoundry cf-release 210 |
||
cloudfoundry cf-release 225 |
||
cloudfoundry cf-release 226 |
||
cloudfoundry cf-release 227 |
||
cloudfoundry cf-release 228 |
||
cloudfoundry cf-release 213 |
||
cloudfoundry cf-release 215 |
||
cloudfoundry cf-release 221 |
||
cloudfoundry cf-release 223 |
||
cloudfoundry cf-release 230 |
||
cloudfoundry routing-release |
||
cloudfoundry cf-release 217 |
||
cloudfoundry cf-release 218 |
||
cloudfoundry cf-release 219 |
||
cloudfoundry cf-release 220 |
||
cloudfoundry cf-release |
||
cloudfoundry cf-release 205 |
||
cloudfoundry cf-release 212 |
||
cloudfoundry cf-release 214 |
||
cloudfoundry cf-release 222 |
||
cloudfoundry cf-release 224 |
||
cloudfoundry cf-release 229 |
||
cloudfoundry cf-release 231 |