Description

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.

Remediation

References

https://github.com/cloudfoundry/cf-release/releases/tag/v240

https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3

https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3

https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6

https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3

https://github.com/cloudfoundry/uaa/releases/tag/3.4.2

https://pivotal.io/security/cve-2016-5016

Related Vulnerabilities

CVE-2020-7739 Vulnerability in npm package phantomjs-seo

CVE-2020-26302 Vulnerability in maven package org.webjars.npm:is_js

CVE-2020-11023 Vulnerability in maven package org.webjars.bower:jquery

CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.12

CVE-2023-30529 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search

Severity

Medium

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Release Notes Third Party Advisory Vendor Advisory