Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2015-3189

UNKNOWN
Published 2017-05-25T17:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2015-3189. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Pivotal

Cloud Foundry

Affected Versions:

Runtime cf-release versions v208 or earlier UAA Standalone versions 2.2.5 or earlier Runtime 1.4.5 or earlier

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed LOW

Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password

GHSA-fj69-p8f6-q97h

Advisory Details

With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions prior to 2.2.5 and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.

Affected Packages

Maven org.cloudfoundry.identity:cloudfoundry-identity-server
ECOSYSTEM: ≥0 <2.2.5

CVSS Scoring

CVSS Score

2.5

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-3189
WEB https://github.com/cloudfoundry/uaa/commit/a79b89f6e4f66626914b029b7a15a423491f8013
PACKAGE https://github.com/cloudfoundry/uaa
WEB https://github.com/cloudfoundry/uaa/commits/2.2.5
WEB https://github.com/cloudfoundry/uaa/compare/2.2.4...2.2.5
WEB https://github.com/cloudfoundry/uaa/compare/2.2.5...2.2.6
WEB https://pivotal.io/security/cve-2015-3189

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: February 28, 2024

References

https://pivotal.io/security/cve-2015-3189
Published: 2017-05-25T17:00:00
Last Modified: 2024-08-06T05:39:32.005Z
Copied to clipboard!