Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.
References
| Link | Resource |
|---|---|
| https://www.cloudfoundry.org/blog/cve-2018-1262/ | Third Party Advisory |
History
No history.
Information
Published : 2018-05-15 20:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-1262
Mitre link : CVE-2018-1262
CVE.ORG link : CVE-2018-1262
Products Affected
cloudfoundry
- cf-deployment
pivotal_software
- cloud_foundry_uaa
- cloud_foundry_uaa-release
CWE