N/A

An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.

N/A

N/A

Pivotal Cloud Foundry Runtime cf-release、UAA和UAA bosh 跨站脚本漏洞

Pivotal Cloud Foundry（PCF）Runtime cf-release等都是美国Pivotal Software公司的产品。PCF是一套开源的平台即服务（PaaS）云计算平台，它提供容器调度、持续交付和自动化服务部署等功能。cf-release是PCF的一个发布版本。UAA是PCF的一个身份验证和管理服务终端。UAA bosh是一款用于统一小型和大型云软件的发布系统。 PCF cf-release、UAA和UAA bosh存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意Web脚本或HTM

N/A

N/A