CVE-2018-1262

August 17, 2021

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

Summary:

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

Reference Links(if available):

  • https://www.cloudfoundry.org/blog/cve-2018-1262/

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P

    v3: / HIGHCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    iStock 154974489

    Cyber Assessment Framework 3.2

    April 19, 2024
    hkcert

    Palo Alto Products Remote Code Execution Vulnerability

    April 19, 2024
    HIBP Banner 1

    Le Slip Français – 1,495,127 breached accounts

    April 19, 2024
    CISA Logo

    CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

    April 19, 2024
    CISA Logo

    CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    April 19, 2024