CVE-2016-6636 — Open Redirect in Cloud Foundry UAA Bosh

CWE-601 — Open Redirect3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 53.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Cloud Foundry UAA Bosh Pivotal Software Cloud Foundry Pivotal Software Cloud Foundry Elastic Runtime +2 more

Timeline

PublishedSep 30

Latest updateMay 13

Description

The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶NVDpivotal_software/cloud_foundry_elastic_runtime60 versions+59

▶NVDpivotal_software/cloud_foundry_ops_manager14 versions+13

▶NVDpivotal_software/cloud_foundry241

▶NVDcloudfoundry/cloud_foundry_uaa_bosh12.3

▶NVDpivotal_software/cloud_foundry_uaa21 versions+20

🔴Vulnerability Details

GHSA

GHSA-ffj6-5gww-48qc: The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2↗2022-05-13

▶

CVEList

CVE-2016-6636: The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2↗2016-09-30

▶