CVE-2015-5172 – org.cloudfoundry.identity:cloudfoundry-identity-server
Package
Manager: maven
Name: org.cloudfoundry.identity:cloudfoundry-identity-server
Vulnerable Version: >=0 <2.5.2
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00398 (percentile: 0.59814)
Details
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
Metadata
Created: 2022-05-13T01:07:00Z
Modified: 2024-02-28T21:03:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cq6m-74r4-x77g/GHSA-cq6m-74r4-x77g.json
CWE IDs: ["CWE-640"]
Alternative ID: GHSA-cq6m-74r4-x77g
Finding: F087
Auto approve: 1