9.8

CVE-2016-8218

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.

Data is provided by the National Vulnerability Database (NVD)
Cloudfoundry Cf-release Version <= 203
Cloudfoundry Cf-release Version 204
Cloudfoundry Cf-release Version 205
Cloudfoundry Cf-release Version 206
Cloudfoundry Cf-release Version 207
Cloudfoundry Cf-release Version 208
Cloudfoundry Cf-release Version 209
Cloudfoundry Cf-release Version 210
Cloudfoundry Cf-release Version 211
Cloudfoundry Cf-release Version 212
Cloudfoundry Cf-release Version 213
Cloudfoundry Cf-release Version 214
Cloudfoundry Cf-release Version 215
Cloudfoundry Cf-release Version 217
Cloudfoundry Cf-release Version 218
Cloudfoundry Cf-release Version 219
Cloudfoundry Cf-release Version 220
Cloudfoundry Cf-release Version 221
Cloudfoundry Cf-release Version 222
Cloudfoundry Cf-release Version 223
Cloudfoundry Cf-release Version 224
Cloudfoundry Cf-release Version 225
Cloudfoundry Cf-release Version 226
Cloudfoundry Cf-release Version 227
Cloudfoundry Cf-release Version 228
Cloudfoundry Cf-release Version 229
Cloudfoundry Cf-release Version 230
Cloudfoundry Cf-release Version 231
Cloudfoundry Routing-release Version <= 0.141.0
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.59% | 0.665

CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.