CVE-2016-8218
Summary
| CVE | CVE-2016-8218 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-06-13 06:29:00 UTC |
| Updated | 2017-11-08 12:57:00 UTC |
| Description | An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cloudfoundry | Cf-release | 204 | All | All | All |
| Application | Cloudfoundry | Cf-release | 205 | All | All | All |
| Application | Cloudfoundry | Cf-release | 206 | All | All | All |
| Application | Cloudfoundry | Cf-release | 207 | All | All | All |
| Application | Cloudfoundry | Cf-release | 208 | All | All | All |
| Application | Cloudfoundry | Cf-release | 209 | All | All | All |
| Application | Cloudfoundry | Cf-release | 210 | All | All | All |
| Application | Cloudfoundry | Cf-release | 211 | All | All | All |
| Application | Cloudfoundry | Cf-release | 212 | All | All | All |
| Application | Cloudfoundry | Cf-release | 213 | All | All | All |
| Application | Cloudfoundry | Cf-release | 214 | All | All | All |
| Application | Cloudfoundry | Cf-release | 215 | All | All | All |
| Application | Cloudfoundry | Cf-release | 217 | All | All | All |
| Application | Cloudfoundry | Cf-release | 218 | All | All | All |
| Application | Cloudfoundry | Cf-release | 219 | All | All | All |
| Application | Cloudfoundry | Cf-release | 220 | All | All | All |
| Application | Cloudfoundry | Cf-release | 221 | All | All | All |
| Application | Cloudfoundry | Cf-release | 222 | All | All | All |
| Application | Cloudfoundry | Cf-release | 223 | All | All | All |
| Application | Cloudfoundry | Cf-release | 224 | All | All | All |
| Application | Cloudfoundry | Cf-release | 225 | All | All | All |
| Application | Cloudfoundry | Cf-release | 226 | All | All | All |
| Application | Cloudfoundry | Cf-release | 227 | All | All | All |
| Application | Cloudfoundry | Cf-release | 228 | All | All | All |
| Application | Cloudfoundry | Cf-release | 229 | All | All | All |
| Application | Cloudfoundry | Cf-release | 230 | All | All | All |
| Application | Cloudfoundry | Cf-release | 231 | All | All | All |
| Application | Cloudfoundry | Cf-release | 204 | All | All | All |
| Application | Cloudfoundry | Cf-release | 205 | All | All | All |
| Application | Cloudfoundry | Cf-release | 206 | All | All | All |
| Application | Cloudfoundry | Cf-release | 207 | All | All | All |
| Application | Cloudfoundry | Cf-release | 208 | All | All | All |
| Application | Cloudfoundry | Cf-release | 209 | All | All | All |
| Application | Cloudfoundry | Cf-release | 210 | All | All | All |
| Application | Cloudfoundry | Cf-release | 211 | All | All | All |
| Application | Cloudfoundry | Cf-release | 212 | All | All | All |
| Application | Cloudfoundry | Cf-release | 213 | All | All | All |
| Application | Cloudfoundry | Cf-release | 214 | All | All | All |
| Application | Cloudfoundry | Cf-release | 215 | All | All | All |
| Application | Cloudfoundry | Cf-release | 217 | All | All | All |
| Application | Cloudfoundry | Cf-release | 218 | All | All | All |
| Application | Cloudfoundry | Cf-release | 219 | All | All | All |
| Application | Cloudfoundry | Cf-release | 220 | All | All | All |
| Application | Cloudfoundry | Cf-release | 221 | All | All | All |
| Application | Cloudfoundry | Cf-release | 222 | All | All | All |
| Application | Cloudfoundry | Cf-release | 223 | All | All | All |
| Application | Cloudfoundry | Cf-release | 224 | All | All | All |
| Application | Cloudfoundry | Cf-release | 225 | All | All | All |
| Application | Cloudfoundry | Cf-release | 226 | All | All | All |
| Application | Cloudfoundry | Cf-release | 227 | All | All | All |
| Application | Cloudfoundry | Cf-release | 228 | All | All | All |
| Application | Cloudfoundry | Cf-release | 229 | All | All | All |
| Application | Cloudfoundry | Cf-release | 230 | All | All | All |
| Application | Cloudfoundry | Cf-release | 231 | All | All | All |
| Application | Cloudfoundry | Cf-release | All | All | All | All |
| Application | Cloudfoundry | Routing-release | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2016-8218: Unauthenticated JWT signing algorithm in routing | Cloud Foundry | CONFIRM | www.cloudfoundry.org | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.