CVE-2018-1262

Published: May 15, 2018Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

Affected (12)

Products: Pivotal Software: Cloud Foundry Uaa, Cloud Foundry Uaa Release · Cloudfoundry: Cf Deployment

Pivotal Software

2 products

Cloud Foundry Uaa

Cloud Foundry Uaa Release

Cloudfoundry

1 product

Cf Deployment

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Pivotal Software Cloud Foundry Uaa	Version 4.12.0
Pivotal Software Cloud Foundry Uaa	Version 4.12.1
Pivotal Software Cloud Foundry Uaa	Version 4.12.2
Pivotal Software Cloud Foundry Uaa	Version 4.13.0
Pivotal Software Cloud Foundry Uaa	Version 4.13.1
Pivotal Software Cloud Foundry Uaa	Version 4.13.2
Pivotal Software Cloud Foundry Uaa	Version 4.13.3
Pivotal Software Cloud Foundry Uaa	Version 4.13.4

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Pivotal Software Cloud Foundry Uaa Release	Version 57.1
Pivotal Software Cloud Foundry Uaa Release	Version 57
Pivotal Software Cloud Foundry Uaa Release	Version 58

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Cloudfoundry Cf Deployment	From 1.27.0 to 1.31.0

References (2)

https://www.cloudfoundry.org/blog/cve-2018-1262/

Source: security_alert@emc.com

Third Party Advisory

https://www.cloudfoundry.org/blog/cve-2018-1262/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.