CVE-2018-1192

Source
https://cve.org/CVERecord?id=CVE-2018-1192
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1192.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1192
Aliases
Published
2018-02-01T20:29:00.247Z
Modified
2026-07-08T05:50:51.903800247Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:pivotal_software:cloud_foundry_cf-deployment:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "fixed": "1.7"
                }
            ],
            "vendor_product": "pivotal_software:cloud_foundry_cf-deployment",
            "source": "CPE_RANGE"
        }
    ]
}
References

Affected packages

Git
github.com/cloudfoundry-attic/cf-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry-attic/cf-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_cf-release:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "285"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

Other
-
list
log
scotty_09012012
v100
v102
v103
v104
v105
v109
v119
v132
v133
v134
v135
v136
v137
v140
v143
v156
v157
v161
v170
v183
v205
v245
v249
v253
v260
v262
v275
v276
v278
v283
v284
v99
works-for-us
rc145.*
rc145.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1192.json"
github.com/cloudfoundry/uaa

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/uaa
Events
Database specific
{
    "cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.5.0"
        },
        {
            "fixed": "4.5.5"
        },
        {
            "introduced": "4.7.0"
        },
        {
            "fixed": "4.7.4"
        },
        {
            "introduced": "4.8.0"
        },
        {
            "fixed": "4.8.3"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

4.*
4.5.0
4.5.1
4.5.2
4.5.3
4.7.0
4.7.1
4.7.3
4.8.0
4.8.1
4.8.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1192.json"
github.com/cloudfoundry/uaa-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:45.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:52.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:53.3:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "45.7"
        },
        {
            "last_affected": "45.7"
        },
        {
            "introduced": "52.7"
        },
        {
            "last_affected": "52.7"
        },
        {
            "introduced": "53.3"
        },
        {
            "last_affected": "53.3"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

45.*
45.7
52.*
52.7
53.*
53.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1192.json"