CVE-2016-0713 Gorouter XSS
Severity
Medium
Vendor
Cloud Foundry Foundation
Description
A vulnerability has been discovered in the gorouter process that allows a cross-site scripting (XSS) attack. Should a malicious actor intermediate requests from clients to the router and modify a request to contain malicious code, that code could be executed on the operating system of the client from which the request originated. To our knowledge, this vulnerability does not pose a risk of penetration or takeover of Cloud Foundry system components or of applications hosted by Cloud Foundry.
Affected Cloud Foundry Products and Versions
- cf-release v141 – v228
Mitigation
The Cloud Foundry project recommends that Cloud Foundry deployments using Gorouter be upgraded to cf-release v229.
Credit
Fujitsu Limited
References
History
2016-Feb-01: CVE details shared with cf-dev mailing list
2017-Sep-08: Initial vulnerability report published