CVE-2015-5173 — Sensitive Information Exposure in Cf-release
Severity
8.8 HIGH (NVD)
EPSS
0.4%
top 39.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 24
Latest update: May 13
Description
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9