CVE-2017-8031

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-8031
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8031.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-8031
Aliases
Published
2017-11-27T10:29:00Z
Modified
2024-09-03T01:56:50.309291Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service.

References

Affected packages

Git / github.com/cloudfoundry/uaa-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events

Affected versions

Other

v30

v30.*

v30.1
v30.2
v30.3
v30.4
v30.5