CVE-2015-3190 — Open Redirect in Cf-release

CWE-601 — Open Redirect3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 58.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Cf-release Pivotal Software Cloud Foundry Elastic Runtime Pivotal Software Cloud Foundry UAA +1 more

Timeline

PublishedMay 25

Latest updateMay 13

Description

With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶NVDpivotal_software/cloud_foundry_elastic_runtime1.4.5

▶NVDcloudfoundry/cf-release209

▶NVDpivotal_software/cloud_foundry_uaa2.2.6

▶CVEListV5pivotal/cloud_foundryRuntime 1.4.5 or earlier, Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier+2

🔴Vulnerability Details

GHSA

GHSA-97vp-h7v5-7hcw: With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2↗2022-05-13

▶

💬Community

Bugzilla

CVE-2016-3190 cairo: out of bounds read in fill_xrgb32_lerp_opaque_spans↗2016-03-18

▶