CVE-2017-2773

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-2773
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2773.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-2773
Published
2017-06-13T06:29:00Z
Modified
2024-09-03T01:58:50.227563Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue.

References

Affected packages

Git / github.com/cloudfoundry/uaa

Affected versions

1.*

1.0.1
1.0.2
1.0.3
1.1
1.1.1
1.1.2
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.5.0
1.5.2
1.5.2.1
1.5.3
1.5.4
1.5.4.1
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.7.0
1.7.1