HIGH🇵🇱 Wersja polska

CVE-2018-1262

CVSS 7.2v3.0pub. 2018-05-15upd. 2024-11-21

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Cloudfoundry Cf Deployment

    APP
    Cloudfoundry
    1.27.0 – 1.31.0
  • Pivotal Software Cloud Foundry Uaa

    APP
    Pivotal Software
    4.12.04.12.14.12.24.13.04.13.14.13.24.13.34.13.4
  • Pivotal Software Cloud Foundry Uaa Release

    APP
    Pivotal Software
    5757.158
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2022-31733CRITICAL9.1ten sam produkt

Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, ap...

CVE-2019-3801CRITICAL9.8ten sam produkt

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure proto...

CVE-2018-15761CRITICAL9.9ten sam produkt

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation e...

CVE-2015-5171CRITICAL9.8ten sam produkt

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...

CVE-2015-5172CRITICAL9.8ten sam produkt

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...