Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2015-3190 – Open redirect on Login

by: June 25, 2015

CVE-2015-3190 – Open redirect on Login

Severity

Low

Vendor

Cloud Foundry Foundation

Versions Affected

  • cf-release versions prior to v210
  • UAA versions prior to 2.3.0

Description

The UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.

Affected Products and Versions

Severity is low unless otherwise noted.

  • Cloud Foundry Runtime cf-release versions v209 or earlier are susceptible to this vulnerability
  • UAA Standalone versions 2.2.6 or earlier are susceptible to this vulnerability

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project team recommends that Cloud Foundry Runtime Deployments running Release v209 or earlier upgrade to v210 or later
  • The Cloud Foundry project teams recommends that Cloud Foundry UAA standalone deployments running Release 2.2.6 or earlier upgrade to 2.3.0 or later

Credit

This issue was identified by Mohammed Abdulqader Abobaker Al-saggaf and reported responsibly to the VMware Security Team.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-4385-1: Intel Microcode vulnerabilities
Security Advisory

USN-4385-1: Intel Microcode vulnerabilities

by Cloud Foundry Foundation Security Team June 22, 2020
USN-3117-1: GD library vulnerabilities
Security Advisory

USN-3117-1: GD library vulnerabilities

by Cloud Foundry Foundation Security Team December 19, 2016
CVE-2018-1266: Cloud Controller file modification via malicious application
Security Advisory

CVE-2018-1266: Cloud Controller file modification via malicious application

by Cloud Foundry Foundation Security Team March 26, 2018
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept