CVE-2015-9251: UAA contains vulnerable jQuery version

Severity

Medium

Vendor

The OpenJS Foundation

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.
- UAA Release (OSS) is vulnerable prior to v73.3.0

Description

Cloud Foundry UAA versions prior to 73.3.0, contains a vulnerable version of jQuery. A remote attacker can perform Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

UAA Release (OSS)
- Upgrade All versions to v73.3.0 or greater

History

2019-07-08: Initial vulnerability report published.

CVE-2015-9251: UAA contains vulnerable jQuery version

Severity

Vendor

Affected Cloud Foundry Products and Versions

Description

Mitigation

History

You Might Also Like

USN-4990-1: Nettle vulnerabilities

USN-2918-1 Pixman vulnerabilities

USN-3785-1: ImageMagick vulnerabilities

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!