CVE-2018-1262
moderate-risk
Published 2018-05-15
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.
Do I need to act?
-
0.39% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10
High
NETWORK
/ LOW complexity
Affected Products (12)
Cloud Foundry Uaa-Release
Cloud Foundry Uaa-Release
Cloud Foundry Uaa-Release
Affected Vendors
References (2)
Third Party Advisory
https://www.cloudfoundry.org/blog/cve-2018-1262/
Third Party Advisory
https://www.cloudfoundry.org/blog/cve-2018-1262/
44
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
1/34 · Minimal
Exposure
17/34 · Moderate