CVE-2016-5016 – org.cloudfoundry.identity:cloudfoundry-identity-server
Package
Manager: maven
Name: org.cloudfoundry.identity:cloudfoundry-identity-server
Vulnerable Version: >=3.0.0 <3.3.0.3 || >=3.4.0 <3.4.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00278 (percentile: 0.50826)
Details
Cloud Foundry vulnerable to Improper Certificate Validation
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 do not validate whether a certificate is expired.
Metadata
Created: 2022-05-14T01:30:57Z
Modified: 2024-02-28T22:58:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rc2r-w8jv-vggp/GHSA-rc2r-w8jv-vggp.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-rc2r-w8jv-vggp
Finding: F163
Auto approve: 1