Description

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.

Remediation

References

https://github.com/cloudfoundry/cf-release/releases/tag/v240

https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6

https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3

https://github.com/cloudfoundry/uaa/releases/tag/3.4.2

https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3

https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3

https://pivotal.io/security/cve-2016-5016

Related Vulnerabilities

CVE-2019-10463 Vulnerability in maven package org.jenkins-ci.plugins:dynatrace-dashboard

CVE-2023-25572 Vulnerability in maven package org.webjars.npm:react-admin

CVE-2021-23360 Vulnerability in npm package killport

CVE-2019-10346 Vulnerability in maven package org.jenkins-ci.plugins:embeddable-build-status

CVE-2021-41182 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui

Severity

Medium

Classification

CWE-295 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Release Notes Third Party Advisory Vendor Advisory