CVE-2017-8031: UAA Denial of Service through client token revocation endpoint
Affected Pivotal Products and Versions
Severity is medium unless otherwise noted.
- PCF Elastic Runtime:
- All versions prior to 1.10.32
- 1.11.x versions prior to 1.11.18
- 1.12.x versions prior to 1.12.6
- PCF Operations Manager:
- All versions prior to 1.10.18
- 1.11.x prior to 1.11.13
- 1.12.x versions prior to 1.12.14
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Releases that have fixed this issue include:
- PCF Elastic Runtime: 1.10.32, 1.11.18, 1.12.6
- PCF Operations Manager: 1.10.18, 1.11.13, 1.12.14