// For flags

CVE-2016-8218

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.

Se detectó un problema en routing-release anterior a versión 0.142.0 y cf-release versiones 203 a 231 de Cloud Foundry Foundation. La lógica de comprobación incompleta en las bibliotecas JSON Web Token (JWT) puede permitir a los atacantes sin privilegios suplantar a otros usuarios en la API de enrutamiento, también se conoce como un problema de "Unauthenticated JWT signing algorithm in routing".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-09-13 CVE Reserved
  • 2017-06-13 CVE Published
  • 2024-02-24 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
<= 203
Search vendor "Cloudfoundry" for product "Cf-release" and version " <= 203"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
204
Search vendor "Cloudfoundry" for product "Cf-release" and version "204"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
205
Search vendor "Cloudfoundry" for product "Cf-release" and version "205"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
206
Search vendor "Cloudfoundry" for product "Cf-release" and version "206"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
207
Search vendor "Cloudfoundry" for product "Cf-release" and version "207"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
208
Search vendor "Cloudfoundry" for product "Cf-release" and version "208"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
209
Search vendor "Cloudfoundry" for product "Cf-release" and version "209"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
210
Search vendor "Cloudfoundry" for product "Cf-release" and version "210"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
211
Search vendor "Cloudfoundry" for product "Cf-release" and version "211"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
212
Search vendor "Cloudfoundry" for product "Cf-release" and version "212"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
213
Search vendor "Cloudfoundry" for product "Cf-release" and version "213"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
214
Search vendor "Cloudfoundry" for product "Cf-release" and version "214"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
215
Search vendor "Cloudfoundry" for product "Cf-release" and version "215"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
217
Search vendor "Cloudfoundry" for product "Cf-release" and version "217"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
218
Search vendor "Cloudfoundry" for product "Cf-release" and version "218"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
219
Search vendor "Cloudfoundry" for product "Cf-release" and version "219"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
220
Search vendor "Cloudfoundry" for product "Cf-release" and version "220"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
221
Search vendor "Cloudfoundry" for product "Cf-release" and version "221"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
222
Search vendor "Cloudfoundry" for product "Cf-release" and version "222"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
223
Search vendor "Cloudfoundry" for product "Cf-release" and version "223"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
224
Search vendor "Cloudfoundry" for product "Cf-release" and version "224"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
225
Search vendor "Cloudfoundry" for product "Cf-release" and version "225"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
226
Search vendor "Cloudfoundry" for product "Cf-release" and version "226"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
227
Search vendor "Cloudfoundry" for product "Cf-release" and version "227"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
228
Search vendor "Cloudfoundry" for product "Cf-release" and version "228"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
229
Search vendor "Cloudfoundry" for product "Cf-release" and version "229"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
230
Search vendor "Cloudfoundry" for product "Cf-release" and version "230"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Cf-release
Search vendor "Cloudfoundry" for product "Cf-release"
231
Search vendor "Cloudfoundry" for product "Cf-release" and version "231"
-
Affected
Cloudfoundry
Search vendor "Cloudfoundry"
Routing-release
Search vendor "Cloudfoundry" for product "Routing-release"
<= 0.141.0
Search vendor "Cloudfoundry" for product "Routing-release" and version " <= 0.141.0"
-
Affected