Description

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.

Remediation

References

https://github.com/cloudfoundry/cf-release/releases/tag/v240

https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6

https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3

https://github.com/cloudfoundry/uaa/releases/tag/3.4.2

https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3

https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3

https://pivotal.io/security/cve-2016-5016

Related Vulnerabilities

CVE-2021-43795 Vulnerability in maven package com.linecorp.armeria:armeria

CVE-2022-21670 Vulnerability in npm package markdown-it

CVE-2021-29452 Vulnerability in npm package a12n-server

CVE-2020-14968 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign

CVE-2022-31777 Vulnerability in maven package org.apache.spark:spark-core_2.13

Severity

Medium

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Release Notes Third Party Advisory Vendor Advisory