Vulnerabilities > CVE-2018-1195 - Insufficient Session Expiration vulnerability in Cloudfoundry Cf-Release

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
cloudfoundry
CWE-613

Summary

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.

Vulnerable Configurations

Part Description Count
Application
Cloudfoundry
365

Common Weakness Enumeration (CWE)