Vulnerability Name: | CVE-2018-1268 (CCN-144591)
Assigned: | 2017-12-06
Published: | 2018-06-05
Updated: | 2020-05-04
Summary: | Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app.
CVSS v3 Severity: | 6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity: | 4.9 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N)
Vulnerability Type: | CWE-20
Vulnerability Consequences: | Bypass Security
References: |
Source: MITRE Type: CNA CVE-2018-1268
Source: XF Type: UNKNOWN cloudfoundry-cve20181268-sec-bypass(144591)
Source: CONFIRM Type: Vendor Advisory https://www.cloudfoundry.org/blog/cve-2018-1268
Source: CCN Type: Cloud Foundry Blog, June 5, 2018 CVE-2018-1268: Loggregator lacks app GUID validation
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable