VIR Vulnerability Intelligence Relay

CVE-2016-8218

critical
Published 2017-06-13 · Modified 2026-05-13
CVSS v3
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
7.5
VIR risk
9.8

Description

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.

Predictions

Exploit likelihood
97%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security_alert@emc.com — https://www.cloudfoundry.org/cve-2016-8218/

Application impact
VendorProductVersionsFixed
cloudfoundrycf-release{"endIncluding":"203"}
cloudfoundrycf-release204
cloudfoundrycf-release205
cloudfoundrycf-release206
cloudfoundrycf-release207
cloudfoundrycf-release208
cloudfoundrycf-release209
cloudfoundrycf-release210
cloudfoundrycf-release211
cloudfoundrycf-release212
cloudfoundrycf-release213
cloudfoundrycf-release214
cloudfoundrycf-release215
cloudfoundrycf-release217
cloudfoundrycf-release218
cloudfoundrycf-release219
cloudfoundrycf-release220
cloudfoundrycf-release221
cloudfoundrycf-release222
cloudfoundrycf-release223
cloudfoundrycf-release224
cloudfoundrycf-release225
cloudfoundrycf-release226
cloudfoundrycf-release227
cloudfoundrycf-release228
cloudfoundrycf-release229
cloudfoundrycf-release230
cloudfoundrycf-release231
cloudfoundryrouting-release{"endIncluding":"0.141.0"}

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.