CVE-2016-8218
CRITICALCloud Foundry Foundation <0.142.0 and cf-release 203-231 - Auth Bypass
Title source: llmDescription
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/cve-2016-8218/
Scores
CVSS v3
9.8
EPSS
0.0130
EPSS Percentile
66.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (30)
cloudfoundry/cf-release
204
cloudfoundry/cf-release
205
cloudfoundry/cf-release
206
cloudfoundry/cf-release
207
cloudfoundry/cf-release
208
cloudfoundry/cf-release
209
cloudfoundry/cf-release
210
cloudfoundry/cf-release
211
cloudfoundry/cf-release
212
cloudfoundry/cf-release
213
... and 20 more
Published
Jun 13, 2017
Tracked Since
Feb 18, 2026