With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
Information Disclosure
Cf Release
Cloud Foundry Elastic Runtime
Cloud Foundry Uaa
NVD
CVSS 3.1
3.7
EPSS
0.2%