Description
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.
Remediation
References
https://pivotal.io/security/cve-2015-3190
Related Vulnerabilities
CVE-2022-38180 Vulnerability in maven package io.ktor:ktor-client-core
CVE-2019-5786 Vulnerability in maven package org.webjars.npm:puppeteer
CVE-2019-10365 Vulnerability in maven package org.jenkins-ci.plugins:google-kubernetes-engine
CVE-2021-41182 Vulnerability in maven package org.webjars.npm:jquery-ui
CVE-2020-25640 Vulnerability in maven package org.jboss.genericjms:generic-jms-ra-jar