Vulnerabilities > CVE-2018-1262

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

pivotal-software

cloudfoundry

NVD

Published: 2018-05-15

Updated: 2021-08-17

Summary

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

Vulnerable Configurations

Part	Description	Count
Application	Pivotal_Software Pivotal Software Cloud Foundry UAA 4.13.2 Pivotal Software Cloud Foundry UAA 4.13.3 Pivotal Software Cloud Foundry UAA 4.13.1 Pivotal Software Cloud Foundry UAA 4.12.1 Pivotal Software Cloud Foundry UAA 4.13.4 Pivotal Software Cloud Foundry UAA 4.12.0 Pivotal Software Cloud Foundry UAA 4.13.0 Pivotal Software Cloud Foundry UAA 4.12.2 Pivotal Software Cloud Foundry UAA Release 57.1 Pivotal Software Cloud Foundry UAA Release 58 Pivotal Software Cloud Foundry UAA Release 57	11
Application	Cloudfoundry Cloudfoundry CF Deployment 1.27.0 Cloudfoundry CF Deployment 1.28.0 Cloudfoundry CF Deployment 1.29.0 Cloudfoundry CF Deployment 1.30.0 Cloudfoundry CF Deployment 1.31.0	5

References

https://www.cloudfoundry.org/blog/cve-2018-1262/

Vulnerabilities > CVE-2018-1262 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2018-1262"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2018-1262