CVE-2018-1192

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1192
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1192.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1192
Aliases
Published
2018-02-01T20:29:00.247Z
Modified
2026-04-10T04:04:40.825358Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.

References

Affected packages

Git / github.com/cloudfoundry/cf-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/cf-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
45d47f7ac8aced2f54e6fadf375ebc08f2e9d05f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "285"
        }
    ]
}
Type
GIT
Repo
https://github.com/cloudfoundry/uaa
Events
Introduced
df80f632e613efdf64a262dec4d015f1ccf9b8d6
Fixed
830768517c01cb62bb6dd2c47220a718f7ff9fa3
Introduced
754f2716d3d8f2e227952f74adcfde5378b17b96
Fixed
6502d3b1a267fecc5392f93dfc2727d4451e930f
Introduced
391163ebad397b8f3eb5298aa01412dd94c9a176
Fixed
782856925a559640b8a442f261b614df4376b034
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
585adc1bde0b242e204b6a6300e19ee5283c2bbe
Database specific 
{
    "versions": [
        {
            "introduced": "4.5.0"
        },
        {
            "fixed": "4.5.5"
        },
        {
            "introduced": "4.7.0"
        },
        {
            "fixed": "4.7.4"
        },
        {
            "introduced": "4.8.0"
        },
        {
            "fixed": "4.8.3"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "1.7"
        }
    ]
}
Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
73a447e383811cdcab85c57c5f0480eb715ceb22
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
750add865cb9aa6bff5a95516791264e1d2e6529
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bc6b5748b05e80dbd659b39e0b993be08c2231dc
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "45.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "52.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "53.3"
        }
    ]
}

Affected versions

Other
-
ci-upgrade
list
log
scotty_09012012
v10
v100
v102
v103
v104
v105
v109
v11
v119
v12
v132
v133
v134
v135
v136
v137
v14
v140
v143
v15
v156
v157
v16
v161
v17
v170
v18
v183
v19
v2
v20
v205
v21
v22
v23
v24
v245
v249
v25
v253
v26
v260
v262
v27
v275
v276
v278
v283
v284
v3
v31
v45
v52
v53
v6
v7
v8
v9
v99
works-for-us
1.*
1.0.1
1.0.3
1.1
1.1.1
1.1.2
1.2.0
1.2.6
1.4.0
1.4.1
1.4.2
1.4.3
1.4.5
1.4.6
1.4.7
1.5.0
1.5.2
1.5.2.1
1.5.3
1.5.4
1.5.4.1
1.6.0
1.6.4
1.6.5
4.*
4.5.0
4.5.1
4.5.2
4.5.3
4.7.0
4.7.1
4.7.3
4.8.0
4.8.1
4.8.2
rc145.*
rc145.0
v12.*
v12.3
v45.*
v45.5
v45.6
v45.7
v52.*
v52.1
v52.2
v52.4
v52.5
v52.6
v52.7
v53.*
v53.1
v53.2
v53.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1192.json"