← Back to CVE List

CVE-2015-3191

Published: 2017-05-25T17:29Z
Last Modified: 2024-11-21T02:28Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt