Cloud Foundry Logo

CVE-2015-9251: UAA contains vulnerable jQuery version


Share

CVE-2015-9251: UAA contains vulnerable jQuery version

Severity

Medium

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • Severity is medium unless otherwise noted.
    • UAA Release (OSS) is vulnerable prior to v73.3.0

Description

Cloud Foundry UAA versions prior to 73.3.0, contains a vulnerable version of jQuery. A remote attacker can perform Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • UAA Release (OSS)
    • Upgrade All versions to v73.3.0 or greater

History

2019-07-08: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES