CVE-2016-8218

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.

Se detectó un problema en routing-release anterior a versión 0.142.0 y cf-release versiones 203 a 231 de Cloud Foundry Foundation. La lógica de comprobación incompleta en las bibliotecas JSON Web Token (JWT) puede permitir a los atacantes sin privilegios suplantar a otros usuarios en la API de enrutamiento, también se conoce como un problema de "Unauthenticated JWT signing algorithm in routing".

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-09-13 CVE Reserved
2017-06-13 CVE Published
2024-02-24 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://www.cloudfoundry.org/cve-2016-8218	2017-11-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				<= 203 Search vendor "Cloudfoundry" for product "Cf-release" and version " <= 203"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				204 Search vendor "Cloudfoundry" for product "Cf-release" and version "204"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				205 Search vendor "Cloudfoundry" for product "Cf-release" and version "205"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				206 Search vendor "Cloudfoundry" for product "Cf-release" and version "206"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				207 Search vendor "Cloudfoundry" for product "Cf-release" and version "207"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				208 Search vendor "Cloudfoundry" for product "Cf-release" and version "208"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				209 Search vendor "Cloudfoundry" for product "Cf-release" and version "209"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				210 Search vendor "Cloudfoundry" for product "Cf-release" and version "210"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				211 Search vendor "Cloudfoundry" for product "Cf-release" and version "211"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				212 Search vendor "Cloudfoundry" for product "Cf-release" and version "212"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				213 Search vendor "Cloudfoundry" for product "Cf-release" and version "213"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				214 Search vendor "Cloudfoundry" for product "Cf-release" and version "214"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				215 Search vendor "Cloudfoundry" for product "Cf-release" and version "215"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				217 Search vendor "Cloudfoundry" for product "Cf-release" and version "217"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				218 Search vendor "Cloudfoundry" for product "Cf-release" and version "218"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				219 Search vendor "Cloudfoundry" for product "Cf-release" and version "219"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				220 Search vendor "Cloudfoundry" for product "Cf-release" and version "220"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				221 Search vendor "Cloudfoundry" for product "Cf-release" and version "221"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				222 Search vendor "Cloudfoundry" for product "Cf-release" and version "222"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				223 Search vendor "Cloudfoundry" for product "Cf-release" and version "223"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				224 Search vendor "Cloudfoundry" for product "Cf-release" and version "224"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				225 Search vendor "Cloudfoundry" for product "Cf-release" and version "225"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				226 Search vendor "Cloudfoundry" for product "Cf-release" and version "226"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				227 Search vendor "Cloudfoundry" for product "Cf-release" and version "227"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				228 Search vendor "Cloudfoundry" for product "Cf-release" and version "228"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				229 Search vendor "Cloudfoundry" for product "Cf-release" and version "229"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				230 Search vendor "Cloudfoundry" for product "Cf-release" and version "230"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Cf-release Search vendor "Cloudfoundry" for product "Cf-release"				231 Search vendor "Cloudfoundry" for product "Cf-release" and version "231"		-		Affected
Cloudfoundry Search vendor "Cloudfoundry"		Routing-release Search vendor "Cloudfoundry" for product "Routing-release"				<= 0.141.0 Search vendor "Cloudfoundry" for product "Routing-release" and version " <= 0.141.0"		-		Affected