Vulnerability Details CVE-2018-1262
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.8%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
Products affected by CVE-2018-1262
-
cpe:2.3:a:cloudfoundry:cf-deployment:1.27.0
-
cpe:2.3:a:cloudfoundry:cf-deployment:1.28.0
-
cpe:2.3:a:cloudfoundry:cf-deployment:1.29.0
-
cpe:2.3:a:cloudfoundry:cf-deployment:1.30.0
-
cpe:2.3:a:cloudfoundry:cf-deployment:1.31.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:58
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.4