An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2017-06-13T06:00:00

Updated: 2024-08-05T14:02:07.773Z

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2773

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-06-13T06:29:00.300

Modified: 2024-11-21T03:24:07.823

Link: CVE-2017-2773

cve-icon Redhat

No data.