CVE-2018-1262

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2018-1262
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.cloudfoundry.org/blog/cve-2018-1262/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.4:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:58:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*
History

17 Aug 2021, 14:29

Type Values Removed Values Added
CPE cpe:2.3:a:pivotal_software:cloud_foundry_cf-deployment:*:*:*:*:*:*:*:* cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*
Information

Published : 2018-05-15 20:29

Updated : 2023-12-10 12:30

NVD link : CVE-2018-1262

Mitre link : CVE-2018-1262

CVE.ORG link : CVE-2018-1262

JSON object : View

Products Affected

pivotal_software

  • cloud_foundry_uaa-release
  • cloud_foundry_uaa

cloudfoundry

  • cf-deployment
CWE
NVD-CWE-noinfo