In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/blog/cve-2018-1195/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Aug 2022, 20:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:pivotal_software:cloud_controller:*:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:cf-release:*:*:*:*:*:*:*:* |
cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:* cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:* cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:* |
First Time |
Cloudfoundry cf-release
Cloudfoundry capi-release Cloudfoundry cf-deployment Cloudfoundry |
Information
Published : 2018-03-19 18:29
Updated : 2023-12-10 12:30
NVD link : CVE-2018-1195
Mitre link : CVE-2018-1195
CVE.ORG link : CVE-2018-1195
JSON object : View
Products Affected
cloudfoundry
- cf-deployment
- capi-release
- cf-release
CWE
CWE-613
Insufficient Session Expiration