Vulnerability Details CVE-2018-1190
An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2018-1190
-
cpe:2.3:a:cloudfoundry:cf-release:100
-
cpe:2.3:a:cloudfoundry:cf-release:101
-
cpe:2.3:a:cloudfoundry:cf-release:102
-
cpe:2.3:a:cloudfoundry:cf-release:103
-
cpe:2.3:a:cloudfoundry:cf-release:104
-
cpe:2.3:a:cloudfoundry:cf-release:105
-
cpe:2.3:a:cloudfoundry:cf-release:106
-
cpe:2.3:a:cloudfoundry:cf-release:107
-
cpe:2.3:a:cloudfoundry:cf-release:108
-
cpe:2.3:a:cloudfoundry:cf-release:109
-
cpe:2.3:a:cloudfoundry:cf-release:110
-
cpe:2.3:a:cloudfoundry:cf-release:111
-
cpe:2.3:a:cloudfoundry:cf-release:112
-
cpe:2.3:a:cloudfoundry:cf-release:113
-
cpe:2.3:a:cloudfoundry:cf-release:114
-
cpe:2.3:a:cloudfoundry:cf-release:115
-
cpe:2.3:a:cloudfoundry:cf-release:116
-
cpe:2.3:a:cloudfoundry:cf-release:117
-
cpe:2.3:a:cloudfoundry:cf-release:118
-
cpe:2.3:a:cloudfoundry:cf-release:119
-
cpe:2.3:a:cloudfoundry:cf-release:120
-
cpe:2.3:a:cloudfoundry:cf-release:121
-
cpe:2.3:a:cloudfoundry:cf-release:122
-
cpe:2.3:a:cloudfoundry:cf-release:123
-
cpe:2.3:a:cloudfoundry:cf-release:124
-
cpe:2.3:a:cloudfoundry:cf-release:125
-
cpe:2.3:a:cloudfoundry:cf-release:126
-
cpe:2.3:a:cloudfoundry:cf-release:127
-
cpe:2.3:a:cloudfoundry:cf-release:128
-
cpe:2.3:a:cloudfoundry:cf-release:129
-
cpe:2.3:a:cloudfoundry:cf-release:130
-
cpe:2.3:a:cloudfoundry:cf-release:131
-
cpe:2.3:a:cloudfoundry:cf-release:132
-
cpe:2.3:a:cloudfoundry:cf-release:133
-
cpe:2.3:a:cloudfoundry:cf-release:134
-
cpe:2.3:a:cloudfoundry:cf-release:135
-
cpe:2.3:a:cloudfoundry:cf-release:136
-
cpe:2.3:a:cloudfoundry:cf-release:137
-
cpe:2.3:a:cloudfoundry:cf-release:138
-
cpe:2.3:a:cloudfoundry:cf-release:139
-
cpe:2.3:a:cloudfoundry:cf-release:140
-
cpe:2.3:a:cloudfoundry:cf-release:141
-
cpe:2.3:a:cloudfoundry:cf-release:142
-
cpe:2.3:a:cloudfoundry:cf-release:143
-
cpe:2.3:a:cloudfoundry:cf-release:144
-
cpe:2.3:a:cloudfoundry:cf-release:145
-
cpe:2.3:a:cloudfoundry:cf-release:146
-
cpe:2.3:a:cloudfoundry:cf-release:147
-
cpe:2.3:a:cloudfoundry:cf-release:148
-
cpe:2.3:a:cloudfoundry:cf-release:149
-
cpe:2.3:a:cloudfoundry:cf-release:150
-
cpe:2.3:a:cloudfoundry:cf-release:151
-
cpe:2.3:a:cloudfoundry:cf-release:152
-
cpe:2.3:a:cloudfoundry:cf-release:153
-
cpe:2.3:a:cloudfoundry:cf-release:154
-
cpe:2.3:a:cloudfoundry:cf-release:155
-
cpe:2.3:a:cloudfoundry:cf-release:156
-
cpe:2.3:a:cloudfoundry:cf-release:157
-
cpe:2.3:a:cloudfoundry:cf-release:158
-
cpe:2.3:a:cloudfoundry:cf-release:159
-
cpe:2.3:a:cloudfoundry:cf-release:160
-
cpe:2.3:a:cloudfoundry:cf-release:161
-
cpe:2.3:a:cloudfoundry:cf-release:162
-
cpe:2.3:a:cloudfoundry:cf-release:163
-
cpe:2.3:a:cloudfoundry:cf-release:164
-
cpe:2.3:a:cloudfoundry:cf-release:165
-
cpe:2.3:a:cloudfoundry:cf-release:166
-
cpe:2.3:a:cloudfoundry:cf-release:167
-
cpe:2.3:a:cloudfoundry:cf-release:168
-
cpe:2.3:a:cloudfoundry:cf-release:169
-
cpe:2.3:a:cloudfoundry:cf-release:170
-
cpe:2.3:a:cloudfoundry:cf-release:171
-
cpe:2.3:a:cloudfoundry:cf-release:172
-
cpe:2.3:a:cloudfoundry:cf-release:173
-
cpe:2.3:a:cloudfoundry:cf-release:174
-
cpe:2.3:a:cloudfoundry:cf-release:175
-
cpe:2.3:a:cloudfoundry:cf-release:176
-
cpe:2.3:a:cloudfoundry:cf-release:177
-
cpe:2.3:a:cloudfoundry:cf-release:178
-
cpe:2.3:a:cloudfoundry:cf-release:179
-
cpe:2.3:a:cloudfoundry:cf-release:180
-
cpe:2.3:a:cloudfoundry:cf-release:181
-
cpe:2.3:a:cloudfoundry:cf-release:182
-
cpe:2.3:a:cloudfoundry:cf-release:183
-
cpe:2.3:a:cloudfoundry:cf-release:184
-
cpe:2.3:a:cloudfoundry:cf-release:185
-
cpe:2.3:a:cloudfoundry:cf-release:186
-
cpe:2.3:a:cloudfoundry:cf-release:187
-
cpe:2.3:a:cloudfoundry:cf-release:188
-
cpe:2.3:a:cloudfoundry:cf-release:189
-
cpe:2.3:a:cloudfoundry:cf-release:190
-
cpe:2.3:a:cloudfoundry:cf-release:191
-
cpe:2.3:a:cloudfoundry:cf-release:192
-
cpe:2.3:a:cloudfoundry:cf-release:193
-
cpe:2.3:a:cloudfoundry:cf-release:194
-
cpe:2.3:a:cloudfoundry:cf-release:195
-
cpe:2.3:a:cloudfoundry:cf-release:196
-
cpe:2.3:a:cloudfoundry:cf-release:197
-
cpe:2.3:a:cloudfoundry:cf-release:198
-
cpe:2.3:a:cloudfoundry:cf-release:199
-
cpe:2.3:a:cloudfoundry:cf-release:200
-
cpe:2.3:a:cloudfoundry:cf-release:201
-
cpe:2.3:a:cloudfoundry:cf-release:202
-
cpe:2.3:a:cloudfoundry:cf-release:203
-
cpe:2.3:a:cloudfoundry:cf-release:204
-
cpe:2.3:a:cloudfoundry:cf-release:205
-
cpe:2.3:a:cloudfoundry:cf-release:206
-
cpe:2.3:a:cloudfoundry:cf-release:207
-
cpe:2.3:a:cloudfoundry:cf-release:208
-
cpe:2.3:a:cloudfoundry:cf-release:209
-
cpe:2.3:a:cloudfoundry:cf-release:210
-
cpe:2.3:a:cloudfoundry:cf-release:211
-
cpe:2.3:a:cloudfoundry:cf-release:212
-
cpe:2.3:a:cloudfoundry:cf-release:213
-
cpe:2.3:a:cloudfoundry:cf-release:214
-
cpe:2.3:a:cloudfoundry:cf-release:215
-
cpe:2.3:a:cloudfoundry:cf-release:216
-
cpe:2.3:a:cloudfoundry:cf-release:217
-
cpe:2.3:a:cloudfoundry:cf-release:218
-
cpe:2.3:a:cloudfoundry:cf-release:219
-
cpe:2.3:a:cloudfoundry:cf-release:220
-
cpe:2.3:a:cloudfoundry:cf-release:221
-
cpe:2.3:a:cloudfoundry:cf-release:222
-
cpe:2.3:a:cloudfoundry:cf-release:223
-
cpe:2.3:a:cloudfoundry:cf-release:224
-
cpe:2.3:a:cloudfoundry:cf-release:225
-
cpe:2.3:a:cloudfoundry:cf-release:226
-
cpe:2.3:a:cloudfoundry:cf-release:227
-
cpe:2.3:a:cloudfoundry:cf-release:228
-
cpe:2.3:a:cloudfoundry:cf-release:229
-
cpe:2.3:a:cloudfoundry:cf-release:230
-
cpe:2.3:a:cloudfoundry:cf-release:231
-
cpe:2.3:a:cloudfoundry:cf-release:232
-
cpe:2.3:a:cloudfoundry:cf-release:233
-
cpe:2.3:a:cloudfoundry:cf-release:234
-
cpe:2.3:a:cloudfoundry:cf-release:235
-
cpe:2.3:a:cloudfoundry:cf-release:236
-
cpe:2.3:a:cloudfoundry:cf-release:237
-
cpe:2.3:a:cloudfoundry:cf-release:238
-
cpe:2.3:a:cloudfoundry:cf-release:239
-
cpe:2.3:a:cloudfoundry:cf-release:240
-
cpe:2.3:a:cloudfoundry:cf-release:241
-
cpe:2.3:a:cloudfoundry:cf-release:242
-
cpe:2.3:a:cloudfoundry:cf-release:243
-
cpe:2.3:a:cloudfoundry:cf-release:244
-
cpe:2.3:a:cloudfoundry:cf-release:245
-
cpe:2.3:a:cloudfoundry:cf-release:246
-
cpe:2.3:a:cloudfoundry:cf-release:247
-
cpe:2.3:a:cloudfoundry:cf-release:248
-
cpe:2.3:a:cloudfoundry:cf-release:249
-
cpe:2.3:a:cloudfoundry:cf-release:250
-
cpe:2.3:a:cloudfoundry:cf-release:251
-
cpe:2.3:a:cloudfoundry:cf-release:252
-
cpe:2.3:a:cloudfoundry:cf-release:253
-
cpe:2.3:a:cloudfoundry:cf-release:254
-
cpe:2.3:a:cloudfoundry:cf-release:255
-
cpe:2.3:a:cloudfoundry:cf-release:256
-
cpe:2.3:a:cloudfoundry:cf-release:257
-
cpe:2.3:a:cloudfoundry:cf-release:258
-
cpe:2.3:a:cloudfoundry:cf-release:259
-
cpe:2.3:a:cloudfoundry:cf-release:260
-
cpe:2.3:a:cloudfoundry:cf-release:261
-
cpe:2.3:a:cloudfoundry:cf-release:262
-
cpe:2.3:a:cloudfoundry:cf-release:263
-
cpe:2.3:a:cloudfoundry:cf-release:264
-
cpe:2.3:a:cloudfoundry:cf-release:265
-
cpe:2.3:a:cloudfoundry:cf-release:266
-
cpe:2.3:a:cloudfoundry:cf-release:267
-
cpe:2.3:a:cloudfoundry:cf-release:268
-
cpe:2.3:a:cloudfoundry:cf-release:269
-
cpe:2.3:a:cloudfoundry:cf-release:68
-
cpe:2.3:a:cloudfoundry:cf-release:69
-
cpe:2.3:a:cloudfoundry:cf-release:70
-
cpe:2.3:a:cloudfoundry:cf-release:71
-
cpe:2.3:a:cloudfoundry:cf-release:72
-
cpe:2.3:a:cloudfoundry:cf-release:73
-
cpe:2.3:a:cloudfoundry:cf-release:74
-
cpe:2.3:a:cloudfoundry:cf-release:75
-
cpe:2.3:a:cloudfoundry:cf-release:76
-
cpe:2.3:a:cloudfoundry:cf-release:77
-
cpe:2.3:a:cloudfoundry:cf-release:78
-
cpe:2.3:a:cloudfoundry:cf-release:79
-
cpe:2.3:a:cloudfoundry:cf-release:80
-
cpe:2.3:a:cloudfoundry:cf-release:81
-
cpe:2.3:a:cloudfoundry:cf-release:82
-
cpe:2.3:a:cloudfoundry:cf-release:83
-
cpe:2.3:a:cloudfoundry:cf-release:84
-
cpe:2.3:a:cloudfoundry:cf-release:85
-
cpe:2.3:a:cloudfoundry:cf-release:86
-
cpe:2.3:a:cloudfoundry:cf-release:87
-
cpe:2.3:a:cloudfoundry:cf-release:88
-
cpe:2.3:a:cloudfoundry:cf-release:89
-
cpe:2.3:a:cloudfoundry:cf-release:90
-
cpe:2.3:a:cloudfoundry:cf-release:91
-
cpe:2.3:a:cloudfoundry:cf-release:92
-
cpe:2.3:a:cloudfoundry:cf-release:93
-
cpe:2.3:a:cloudfoundry:cf-release:94
-
cpe:2.3:a:cloudfoundry:cf-release:95
-
cpe:2.3:a:cloudfoundry:cf-release:96
-
cpe:2.3:a:cloudfoundry:cf-release:97
-
cpe:2.3:a:cloudfoundry:cf-release:98
-
cpe:2.3:a:cloudfoundry:cf-release:99
-
cpe:2.3:a:pivotal:uaa:*
-
cpe:2.3:a:pivotal:uaa_bosh:*