CVE-2016-8218

CRITICAL

Cloud Foundry Foundation <0.142.0 and cf-release 203-231 - Auth Bypass

Title source: llm
STIX 2.1

Description

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/cve-2016-8218/

Scores

CVSS v3 9.8
EPSS 0.0130
EPSS Percentile 66.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (30)
cloudfoundry/cf-release 204
cloudfoundry/cf-release 205
cloudfoundry/cf-release 206
cloudfoundry/cf-release 207
cloudfoundry/cf-release 208
cloudfoundry/cf-release 209
cloudfoundry/cf-release 210
cloudfoundry/cf-release 211
cloudfoundry/cf-release 212
cloudfoundry/cf-release 213
... and 20 more
Published Jun 13, 2017
Tracked Since Feb 18, 2026