CVE-2018-1195
- Source
- https://cve.org/CVERecord?id=CVE-2018-1195
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1195.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-1195
- Published
- 2018-03-19T18:29:00.327Z
- Modified
- 2026-04-10T04:04:40.874429Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.
- References
Affected packages
Git / github.com/cloudfoundry-attic/cf-release
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cloudfoundry-attic/cf-release
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "283" } ] }
- Type
- GIT
- Repo
- https://github.com/cloudfoundry/capi-release
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "1.46.0" }, { "introduced": "0" }, { "fixed": "1.3.0" } ] }
Affected versions
Other
-
list
log
scotty_09012012
v100
v102
v103
v104
v105
v109
v119
v132
v133
v134
v135
v136
v137
v140
v143
v156
v157
v161
v170
v183
v205
v245
v249
v253
v260
v262
v275
v276
v278
v99
works-for-us
1.*
1.0.0
1.1.0
1.10.0
1.11.0
1.12.0
1.13.0
1.14.0
1.15.0
1.16.0
1.19.0
1.2.0
1.20.0
1.21.0
1.22.0
1.23.0
1.24.0
1.25.0
1.26.0
1.27.0
1.28.0
1.3.0
1.30.0
1.31.0
1.32.0
1.33.0
1.34.0
1.35.0
1.36.0
1.38.0
1.4.0
1.40.0
1.41.0
1.42.0
1.5.0
1.6.0
1.7.0
1.8.0
1.9.0
rc145.*
rc145.0
v1.*
v1.0.0