Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-8031

UNKNOWN
Published 2017-11-27T10:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-8031. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Cloud Foundry UAA Denial of Service through client token revocation endpoint

GHSA-j4p3-2m2h-cv5f

Advisory Details

An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service.

Affected Packages

Maven org.cloudfoundry.identity:cloudfoundry-identity-server
ECOSYSTEM: ≥4.6.0 <4.7.1
Maven org.cloudfoundry.identity:cloudfoundry-identity-server
ECOSYSTEM: ≥4.0.0 <4.5.3
Maven org.cloudfoundry.identity:cloudfoundry-identity-server
ECOSYSTEM: ≥0 <3.20.1

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-8031
WEB https://github.com/cloudfoundry/uaa/commit/1e2a746968cdac5b53164ca8955646e4257ecc7
WEB https://github.com/cloudfoundry/uaa/commit/20808046de8bbdc6fb2ac62829d4cc9d7a19f37
WEB https://github.com/cloudfoundry/uaa/commit/66166d17781aa257ff77a2fb7c69f72d0b611be
PACKAGE https://github.com/cloudfoundry/uaa
WEB https://github.com/cloudfoundry/uaa/releases/tag/3.20.1
WEB https://github.com/cloudfoundry/uaa/releases/tag/4.5.3
WEB https://github.com/cloudfoundry/uaa/releases/tag/4.7.1
WEB https://web.archive.org/web/20200227134207/http://www.securityfocus.com/bid/101967
WEB https://www.cloudfoundry.org/cve-2017-8031

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: March 1, 2024

References

https://www.cloudfoundry.org/cve-2017-8031/
http://www.securityfocus.com/bid/101967
Published: 2017-11-27T10:00:00
Last Modified: 2024-08-05T16:19:29.544Z
Copied to clipboard!