Cross-site Request Forgery (CSRF) Affecting org.cloudfoundry.identity:cloudfoundry-identity-login package, versions [,2.5.2)

Snyk CVSS

Attack Complexity Low

User Interaction Required

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS 0.07% (29^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGCLOUDFOUNDRYIDENTITY-31057
published 28 Sep 2016
disclosed 28 Sep 2016
credit Jay Patel

Report a new vulnerability Found a mistake?

Introduced: 28 Sep 2016

CVE-2015-5170 Open this link in a new tab CWE-352 Open this link in a new tab

Overview

org.cloudfoundry.identity:cloudfoundry-identity-login Affected versions of the package are vulnerable to Cross-site Request Forgery (CSRF). It is possible to log the user into another account instead of the account they intended to log into because due to lack of CSRF checks.

References

Pivotal Security Advisory