ID CVE-2018-1262
Summary Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
refmap via4
confirm https://www.cloudfoundry.org/blog/cve-2018-1262/
Last major update 15-05-2018 - 16:29
Published 15-05-2018 - 16:29
Last modified 15-05-2018 - 16:29
Back to Top