CVE-2018-1268

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
cloudfoundryloggregator
89 ≤
𝑥
< 89.5
cloudfoundryloggregator
96 ≤
𝑥
< 96.1
cloudfoundryloggregator
99 ≤
𝑥
< 99.1
cloudfoundryloggregator
101 ≤
𝑥
< 101.9
cloudfoundryloggregator
102 ≤
𝑥
< 102.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cloudfoundry.org/blog/cve-2018-1268
https://www.cloudfoundry.org/blog/cve-2018-1268