First published: Tue May 15 2018
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pivotal Software Cloud Foundry Uaa | =4.12.0 | |
| Pivotal Software Cloud Foundry Uaa | =4.12.1 | |
| Pivotal Software Cloud Foundry Uaa | =4.12.2 | |
| Pivotal Software Cloud Foundry Uaa | =4.13.0 | |
| Pivotal Software Cloud Foundry Uaa | =4.13.1 | |
| Pivotal Software Cloud Foundry Uaa | =4.13.2 | |
| Pivotal Software Cloud Foundry Uaa | =4.13.3 | |
| Pivotal Software Cloud Foundry Uaa | =4.13.4 | |
| Pivotal Software Cloud Foundry Uaa-release | =57 | |
| Pivotal Software Cloud Foundry Uaa-release | =57.1 | |
| Pivotal Software Cloud Foundry Uaa-release | =58 | |
| Cloudfoundry Cf-deployment | >=1.27.0, <=1.31.0 | |
| maven/org.cloudfoundry.identity:cloudfoundry-identity-server | >=4.13.0, <4.13.4 | 4.13.4 |
| maven/org.cloudfoundry.identity:cloudfoundry-identity-server | >=4.12.0, <4.12.2 | 4.12.2 |
CVE-2018-1262 is a vulnerability in Cloud Foundry Foundation UAA affecting versions 4.12.X and 4.13.X. It has a severity level of 7.2 (high). The vulnerability allows privilege escalation by granting administrative access to other identity zones.

More information about CVE-2018-1262 is available at the following link: [CVE-2018-1262](https://www.cloudfoundry.org/blog/cve-2018-1262/).