CVE-2018-1266

Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:59

Type Values Removed Values Added
References () https://www.cloudfoundry.org/blog/cve-2018-1266/ - Third Party Advisory () https://www.cloudfoundry.org/blog/cve-2018-1266/ - Third Party Advisory

Information

Published : 2018-03-27 16:29

Updated : 2024-11-21 03:59


NVD link : CVE-2018-1266

Mitre link : CVE-2018-1266

CVE.ORG link : CVE-2018-1266


JSON object : View

Products Affected

cloudfoundry

  • capi-release
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-330

Use of Insufficiently Random Values