What is the severity of CVE-2018-11083?

CVE-2018-11083 has been rated as a high severity vulnerability due to the potential for remote exploitation.

How do I fix CVE-2018-11083?

To fix CVE-2018-11083, upgrade your Cloud Foundry BOSH to version 264.14.0 or later, 265.7.0 or later, 266.8.0 or later, or 267.2.0 or later.

What types of systems are affected by CVE-2018-11083?

CVE-2018-11083 affects Cloud Foundry BOSH in various versions prior to the specified fixed versions.

What can an attacker do if they exploit CVE-2018-11083?

If exploited, an attacker can use a refresh token as an access token, gaining unauthorized access to resources.

Is there a workaround for CVE-2018-11083?

Currently, applying the recommended updates is the best method to mitigate CVE-2018-11083 as no official workaround is provided.

Vulnerability/
CVE-2018-11083

high

8.4

5/10/2018

5/8/2024

CVE-2018-11083: Bosh accepts refresh tokens in place of an access token

First published: Fri Oct 05 2018(Updated: )

Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can be used to access BOSH resources without obtaining an access token, even if their user no longer has access to those resources.

Credit: security_alert@emc.com

Affected Software	Affected Version	How to fix
Cloud Foundry BOSH	>=264.1<264.14.0
Cloud Foundry BOSH	>=265.1.0<265.7.0
Cloud Foundry BOSH	>=266.2.0<266.8.0

Never miss a vulnerability like this again

Reference Links

https://www.cloudfoundry.org/blog/cve-2018-11083

Frequently Asked Questions

What is the severity of CVE-2018-11083?
CVE-2018-11083 has been rated as a high severity vulnerability due to the potential for remote exploitation.
How do I fix CVE-2018-11083?
To fix CVE-2018-11083, upgrade your Cloud Foundry BOSH to version 264.14.0 or later, 265.7.0 or later, 266.8.0 or later, or 267.2.0 or later.
What types of systems are affected by CVE-2018-11083?
CVE-2018-11083 affects Cloud Foundry BOSH in various versions prior to the specified fixed versions.
What can an attacker do if they exploit CVE-2018-11083?
If exploited, an attacker can use a refresh token as an access token, gaining unauthorized access to resources.
Is there a workaround for CVE-2018-11083?
Currently, applying the recommended updates is the best method to mitigate CVE-2018-11083 as no official workaround is provided.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/author
agent/severity
agent/title
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/cloud foundry
canonical/cloud foundry bosh
version/cloud foundry bosh/264.1
version/cloud foundry bosh/265.1.0
version/cloud foundry bosh/266.2.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.