CVE-2016-8218

Severity: Unknown
EPSS: 1.30%


CVE-2016-8218 is a vulnerability of currently unknown severity (no CVSS score has been assigned). An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue. EPSS estimates a 1.30% chance of exploitation in the next 30 days.

Description

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.
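The description names the vulnerability class but not the exact check that was missing, so the following is an added illustration of that class, not code from routing-release or from any Cloud Foundry component: a JWT verifier that lets the token's own "alg" header decide how (or whether) the signature is checked, beside a verifier that pins the algorithm it was configured for and rejects anything else. The HS256 demo key, the subject names and the scope strings are constructed for the example; a real routing API would verify tokens against the issuer's key, and the specific flaw in routing-release may have differed from the "none" case shown here.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Constructed demo key; not from any real deployment.
var demoKey = []byte("constructed-demo-key-not-a-real-secret")

// pinnedAlg is the only algorithm the hardened verifier will ever use.
const pinnedAlg = "HS256"

type header struct {
	Alg string `json:"alg"`
	Typ string `json:"typ"`
}

// Claims is a minimal subset of what an OAuth access token carries.
type Claims struct {
	Sub   string   `json:"sub"`
	Scope []string `json:"scope"`
}

type parsed struct {
	hdr          header
	payload      []byte
	signingInput string
	sig          []byte
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func hs256(signingInput string, key []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// Mint encodes header and claims. alg "none" yields an unsigned token, which is
// exactly what an attacker who controls only the token bytes can produce.
func Mint(alg string, c Claims, key []byte) string {
	h, _ := json.Marshal(header{Alg: alg, Typ: "JWT"})
	p, _ := json.Marshal(c)
	signingInput := b64(h) + "." + b64(p)
	if alg == "none" {
		return signingInput + "."
	}
	return signingInput + "." + b64(hs256(signingInput, key))
}

// split decodes the three dot-separated segments without trusting any of them.
func split(tok string) (*parsed, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var raw [3][]byte
	for i, p := range parts {
		b, err := base64.RawURLEncoding.DecodeString(p)
		if err != nil {
			return nil, err
		}
		raw[i] = b
	}
	t := &parsed{payload: raw[1], sig: raw[2], signingInput: parts[0] + "." + parts[1]}
	if err := json.Unmarshal(raw[0], &t.hdr); err != nil {
		return nil, err
	}
	return t, nil
}

func claimsOf(t *parsed) (*Claims, error) {
	var c Claims
	if err := json.Unmarshal(t.payload, &c); err != nil {
		return nil, err
	}
	return &c, nil
}

// VerifyTrustingHeader is the incomplete-validation pattern: the token's own
// header selects the code path, so "none" means no signature check at all.
func VerifyTrustingHeader(tok string, key []byte) (*Claims, error) {
	t, err := split(tok)
	if err != nil {
		return nil, err
	}
	switch t.hdr.Alg {
	case "none": // accepted with no check whatsoever
	case "HS256":
		if !hmac.Equal(hs256(t.signingInput, key), t.sig) {
			return nil, errors.New("bad signature")
		}
	default:
		return nil, fmt.Errorf("unsupported alg %q", t.hdr.Alg)
	}
	return claimsOf(t)
}

// VerifyPinned compares the header against the configured algorithm and then
// always runs that one check; the header never chooses the verification method.
func VerifyPinned(tok string, key []byte) (*Claims, error) {
	t, err := split(tok)
	if err != nil {
		return nil, err
	}
	if t.hdr.Alg != pinnedAlg {
		return nil, fmt.Errorf("alg %q rejected, verifier pinned to %s", t.hdr.Alg, pinnedAlg)
	}
	if !hmac.Equal(hs256(t.signingInput, key), t.sig) {
		return nil, errors.New("bad signature")
	}
	return claimsOf(t)
}

func main() {
	legit := Mint("HS256", Claims{Sub: "app-dev", Scope: []string{"routing.routes.read"}}, demoKey)
	forged := Mint("none", Claims{Sub: "admin", Scope: []string{"routing.routes.write"}}, nil)
	for name, tok := range map[string]string{"legit": legit, "forged": forged} {
		c1, err1 := VerifyTrustingHeader(tok, demoKey)
		c2, err2 := VerifyPinned(tok, demoKey)
		fmt.Printf("%s: trusting-header -> %v %v | pinned -> %v %v\n", name, c1, err1, c2, err2)
	}
}
```

The forged token carries an arbitrary "sub" and scope and an empty signature; the header-trusting verifier returns its claims as valid, which is the impersonation the description refers to. The durable fix is the shape of VerifyPinned: decide the algorithm (and the matching key type) from configuration, compare the header to it, and reject everything else. A deny-list of the string "none" is not equivalent, since it misses case variants and the related RS256/HS256 key-confusion case, both of which the pin rejects for free.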

Metrics

EPSS probability: 1.30% (66.7th percentile). This is the EPSS model's estimated probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor        Product          Versions
Cloudfoundry  Cf-Release       <= 203
Cloudfoundry  Cf-Release       204
Cloudfoundry  Cf-Release       205
Cloudfoundry  Cf-Release       206
Cloudfoundry  Cf-Release       207
Cloudfoundry  Cf-Release       208
Cloudfoundry  Cf-Release       209
Cloudfoundry  Cf-Release       210
Cloudfoundry  Cf-Release       211
Cloudfoundry  Cf-Release       212
Cloudfoundry  Cf-Release       213
Cloudfoundry  Cf-Release       214
Cloudfoundry  Cf-Release       215
Cloudfoundry  Cf-Release       217
Cloudfoundry  Cf-Release       218
Cloudfoundry  Cf-Release       219
Cloudfoundry  Cf-Release       220
Cloudfoundry  Cf-Release       221
Cloudfoundry  Cf-Release       222
Cloudfoundry  Cf-Release       223
Cloudfoundry  Cf-Release       224
Cloudfoundry  Cf-Release       225
Cloudfoundry  Cf-Release       226
Cloudfoundry  Cf-Release       227
Cloudfoundry  Cf-Release       228
Cloudfoundry  Cf-Release       229
Cloudfoundry  Cf-Release       230
Cloudfoundry  Cf-Release       231
Cloudfoundry  Routing-Release  <= 0.141.0

Note: cf-release 216 does not appear in this list even though the description covers versions 203 through 231, and the list gives "<= 203" where the description starts at 203. Treat the description's range as authoritative when checking a deployment.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2016-8218?
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.
How severe is CVE-2016-8218?
Severity scoring for CVE-2016-8218 is pending analysis. The EPSS model estimates a 1.30% probability of exploitation in the next 30 days.
How do I fix CVE-2016-8218?
Upgrade routing-release to 0.142.0 or later. For cf-release, versions 203 through 231 are listed as affected, so move to a release beyond 231. Check the vendor references and advisories linked above for the exact patched builds and any mitigation guidance. You can also run a Strix scan to test whether your systems are affected.


Source: NVD / NIST