CVE-2017-8047 — Open Redirect in Cf-release

CWE-601 — Open Redirect3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 58.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Cf-release Pivotal Routing-release

Timeline

PublishedOct 4

Latest updateMay 13

Description

In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain access to user credentials or other sensitive data. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDcloudfoundry/cf-release273

▶NVDpivotal/routing-release0.162.0

🔴Vulnerability Details

GHSA

GHSA-398j-r5c5-vrph: In Cloud Foundry router routing-release all versions prior to v0↗2022-05-13

▶

CVEList

CVE-2017-8047: In Cloud Foundry router routing-release all versions prior to v0↗2017-10-03

▶