CSRF in Cloudfoundry Cf-release
CVE-2015-3191
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacke…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.001 (30.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Cloudfoundry Cf-release
- Pivotal Cloud Foundry — versions Runtime 1.4.5 or earlier, UAA Standalone versions 2.2.6 or earlier, Runtime cf-release versions v209 or earlier
- Pivotal_software Cloud_foundry_elastic_runtime
- Pivotal_software Cloud_foundry_uaa
Weakness classification (CWE)
References
- security_alert@emc.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2015-3191?
- CVE-2015-3191 is a high-severity vulnerability in Cloudfoundry Cf-release, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2017-05-25.
- How severe is CVE-2015-3191?
- High severity. CVSS v3 base score is 8.8 out of 10.