CVE-2018-1262

Source
https://cve.org/CVERecord?id=CVE-2018-1262
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1262.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1262
Published
2018-05-15T20:29:00.400Z
Modified
2026-04-10T04:04:58.816532Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

References

Affected packages

Git / github.com/cloudfoundry/cf-deployment

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/cf-deployment
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.27.0"
        },
        {
            "last_affected": "1.31.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/cloudfoundry/uaa
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.12.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.12.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.12.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.13.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.13.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.13.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.13.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.13.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "57"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "57.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "58"
        }
    ]
}

Affected versions

1.*
1.0.1
1.0.3
1.1
1.1.1
1.1.2
1.2.0
1.2.6
1.4.0
1.4.1
1.4.2
1.4.3
1.4.5
1.4.6
1.4.7
1.5.0
1.5.2
1.5.2.1
1.5.3
1.5.4
1.5.4.1
1.6.1
1.6.2
1.8.0
4.*
4.10.0
4.11.0
4.12.0
4.12.1
4.12.2
4.13.0
4.13.1
4.13.2
4.13.3
4.13.4
4.9.0
Other
ci-upgrade
travis-success-1475
travis-success-1478
travis-success-1497
v10
v11
v12
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v3
v31
v53
v55
v56
v57
v58
v6
v7
v8
v9
v1.*
v1.27.0
v1.28.0
v1.29.0
v1.30.0
v1.31.0
v12.*
v12.3
v57.*
v57.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1262.json"