mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
247 lines
9.3 KiB
JSON
247 lines
9.3 KiB
JSON
{
|
|
"id": "CVE-2016-8218",
|
|
"sourceIdentifier": "security_alert@emc.com",
|
|
"published": "2017-06-13T06:29:00.237",
|
|
"lastModified": "2017-11-08T12:57:41.063",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an \"Unauthenticated JWT signing algorithm in routing\" issue."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se detect\u00f3 un problema en routing-release anterior a versi\u00f3n 0.142.0 y cf-release versiones 203 a 231 de Cloud Foundry Foundation. La l\u00f3gica de comprobaci\u00f3n incompleta en las bibliotecas JSON Web Token (JWT) puede permitir a los atacantes sin privilegios suplantar a otros usuarios en la API de enrutamiento, tambi\u00e9n se conoce como un problema de \"Unauthenticated JWT signing algorithm in routing\"."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 7.5
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "203",
|
|
"matchCriteriaId": "C6716274-498C-4038-AF3A-12E28D2182FE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:204:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EF059737-8DA3-449D-A146-2417399D190A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:205:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1B4F7ACD-3375-41AB-8B82-638ED6C5650A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:206:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A4FD01C3-2BFD-4D84-A1EB-963471C9F004"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:207:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "85F15FBD-B2C1-45FF-A457-C9FA94377B40"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:208:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C297F58C-0322-46D5-B083-11CC8C44266F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:209:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "44650561-88FD-4962-A5FC-44E972627E16"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:210:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AF2497AE-DA57-43EC-AC88-46586E4A99DC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:211:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "32EAE926-2BCC-4D1A-A759-D568E7A2E1DC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:212:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B1FDC13B-8ECC-41F6-9BA6-3BC55F1440CE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:213:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "764AC325-E85C-4C3D-87EC-30DA4FA0187D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:214:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "36081E6B-B90E-45C5-ABEB-267B226FAFCC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:215:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ACAF3F6A-4AC3-48A2-9563-A3D7B66D2706"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:217:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "094745DD-E63B-49C4-9A8D-CCC471D17D28"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:218:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "16D490A8-EED7-4AAC-A3E9-A9ACC7E1EB65"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:219:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9A12F3F7-969F-41B8-AFBD-F89014A040B3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:220:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "16419C47-6315-4D43-946E-70A9B4D4A3E6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:221:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "530104BB-FADD-41A2-B3AD-C365E4D68110"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:222:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4F4D893C-8C07-472E-9D99-0C30365930E9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:223:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "10328933-CBD1-43D6-9951-2860FC57CFCF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:224:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "24A02A6C-75DD-44AE-8D79-76A2D4F351DC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:225:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CF2F1FF7-E52E-4C1B-A85D-995E326F6AA8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:226:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3BF54F3B-EB88-499A-BCB9-76574DB0A1F5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:227:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0460E58E-64A6-4861-85EB-3C8644A66ED8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:228:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "07B6953E-8FC0-409F-A6CB-43BDE8CEE50A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:229:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DE241E51-62CA-4BDD-9A7F-B23BEEF97844"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:230:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0ACC6310-4125-4DC3-943B-9494A8D5ECBE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:cf-release:231:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DBA563A9-3C12-4F83-9E63-BC03636BC799"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cloudfoundry:routing-release:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "0.141.0",
|
|
"matchCriteriaId": "C652BD1E-FCE0-4B3C-844F-5EB4251C408F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.cloudfoundry.org/cve-2016-8218/",
|
|
"source": "security_alert@emc.com",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |