{"id":"CVE-2016-8218","details":"An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an \"Unauthenticated JWT signing algorithm in routing\" issue.","modified":"2026-04-11T17:12:30.699514Z","published":"2017-06-13T06:29:00.237Z","references":[{"type":"FIX","url":"https://www.cloudfoundry.org/cve-2016-8218/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry-attic/cf-release","events":[{"introduced":"0"},{"last_affected":"7f7d1158e8f1cdc99d8c6292951d5dcb0e3ddbae"},{"last_affected":"15ead65649b3a1e8e1b8db7930c81d3c5875b582"},{"last_affected":"ee8d52f5dc2a525b6b376c1b4928eddbd9daa1f0"},{"last_affected":"2531223427ab48624a6251eb4011cb74d5a442d9"},{"last_affected":"afbe01cecc67fc4fe45a1a7cfc774fc2baa25d6c"},{"last_affected":"6003f780fffc7e2e4dcf9ba76dc20a7bde65583c"},{"last_affected":"92af12278feea4e52e92229e3c256543bf2af19f"},{"last_affected":"9334295133435fa77767651030500d2b0de62611"},{"last_affected":"2121dc6405e0f036efa4dba963f7f49b07e76ffa"},{"last_affected":"b30e0fd53e3b4cccc0f0f42b03cd556122c70fbd"},{"last_affected":"2b8fcf9e7c45bdfdda3a7b2cef6e7739bce99439"},{"last_affected":"758e3ce9f67c7c1995231c5fb11ab26201d6ac55"},{"last_affected":"5fa14702bca4d36d1fdc7241c63d0b3e40dcbe90"},{"last_affected":"fdc188e64859ea1cd91b237b7abf3ee929fc8252"},{"last_affected":"5fd76c798be025101915912171ab80f85516968f"},{"last_affected":"11a07541fc3cc296516efde4b303b9f67498d394"},{"last_affected":"6793254b0a2a5b861000c7fe9d001a3e7dbc0796"},{"last_affected":"ce5a011be5cbc0f1d962e8910531542e773f117c"},{"last_affected":"e4eb9f4bb337f552fdc20df0220f662bcf5d62d9"},{"last_affected":"ebd045ff661302117b0c42e28d5770d1b742015f"},{"last_affected":"55e40e21dfa39aa2726724e14c51c93c7df5542b"},{"last_affected":"545c1f95dc1cce46cc6d2f2ccbe6510f2693ff7c"},{"last_affected":"5de34b6a1327e26dfc427989c4ae2c0c9302b719"},{"last_affected":"baa394224fc5780f641d86d97e833575ada2094b"},{"last_affected":"a7ead1d4e639153828a5add54ca16a0b45c9e22b"},{"last_affected":"3c73e6d21d24061dcd56ba141e2fca5f50600eb7"},{"last_affected":"f7e63b6fb9a2f897bcc7cb1d92edfb61df626c11"},{"last_affected":"9e31b98e104825c136d96a711bec2135f4a6ed33"}],"database_specific":{"cpe":["cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:204:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:205:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:206:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:207:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:208:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:209:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:210:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:211:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:212:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:213:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:214:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:215:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:217:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:218:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:219:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:220:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:221:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:222:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:223:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:224:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:225:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:226:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:227:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:228:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:229:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:230:*:*:*:*:*:*:*","cpe:2.3:a:cloudfoundry:cf-release:231:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"203"},{"last_affected":"204"},{"last_affected":"205"},{"last_affected":"206"},{"last_affected":"207"},{"last_affected":"208"},{"last_affected":"209"},{"last_affected":"210"},{"last_affected":"211"},{"last_affected":"212"},{"last_affected":"213"},{"last_affected":"214"},{"last_affected":"215"},{"last_affected":"217"},{"last_affected":"218"},{"last_affected":"219"},{"last_affected":"220"},{"last_affected":"221"},{"last_affected":"222"},{"last_affected":"223"},{"last_affected":"224"},{"last_affected":"225"},{"last_affected":"226"},{"last_affected":"227"},{"last_affected":"228"},{"last_affected":"229"},{"last_affected":"230"},{"last_affected":"231"}]}}],"versions":["-","list","log","rc145.0","scotty_09012012","v100","v102","v103","v104","v105","v109","v119","v132","v133","v134","v135","v136","v137","v140","v143","v156","v157","v161","v170","v183","v203","v204","v205","v206","v207","v208","v209","v210","v211","v212","v213","v214","v215","v217","v218","v219","v220","v221","v222","v223","v224","v225","v226","v227","v228","v229","v230","v231","v99","works-for-us"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8218.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/routing-release","events":[{"introduced":"0"},{"last_affected":"fc9d5f2e01145ceabc137490871f9951185ce749"}],"database_specific":{"cpe":"cpe:2.3:a:cloudfoundry:routing-release:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"0.141.0"}]}}],"versions":["0.118.0","0.121.0","0.123.0","0.134.0","0.136.0","0.137.0","0.141.0","0.62.0","0.66.0","0.69.0","0.99.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8218.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}