Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Pivotal产品安全漏洞
Vulnerability Description
Pivotal Cloud Foundry(PCF)Runtime cf-release等都是美国Pivotal Software公司的产品。PCF是一套开源的平台即服务(PaaS)云计算平台,它提供容器调度、持续交付和自动化服务部署等功能。cf-release是PCF的一个发布版本。UAA是PCF的一个身份验证和管理服务终端。Pivotal Cloud Foundry Runtime是PCF的一个运行环境。 多款Pivotal产品中存在安全漏洞。攻击者可借助借助特意的连接利用该漏洞该漏洞实施跨站请求伪造
CVSS Information
N/A
Vulnerability Type
N/A