CVE-2018-1267
First published: Tue Mar 27 2018(Updated: )
Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any applications can reach any other application on the network regardless of the configured routing policies.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloud Foundry Silk Release | <0.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1267?
CVE-2018-1267 has a medium severity rating due to improper access control vulnerabilities.
How do I fix CVE-2018-1267?
To fix CVE-2018-1267, upgrade the Cloud Foundry Silk CNI plugin to version 0.2.0 or later.
What systems are affected by CVE-2018-1267?
CVE-2018-1267 affects Cloud Foundry Silk release versions prior to 0.2.0.
What type of vulnerability is CVE-2018-1267?
CVE-2018-1267 is classified as an improper access control vulnerability.
What are the implications of CVE-2018-1267?
The implications of CVE-2018-1267 allow applications to access each other on the network without appropriate restrictions.
- agent/type
- agent/severity
- agent/weakness
- agent/softwarecombine
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cloudfoundry
- canonical/cloud foundry silk release