CVE-2018-1262

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1262

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1262.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1262

Aliases

GHSA-8v97-gv3g-32rf

Published

2018-05-15T20:29:00Z

Modified

2024-09-03T02:08:24.750555Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

References

https://www.cloudfoundry.org/blog/cve-2018-1262/

Affected packages

Git / github.com/cloudfoundry/uaa

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/uaa
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

18e9629e64e4ece65e5325283181444f02743bb3

Last affected

2dcf15a5cb14e4a3758bd2a846ac5b456da78794

Last affected

53d9f8ad47319cc42d9c2f8289d68acff73ade71

Last affected

8f58f9a92543ba316b432947b003dc56852ba908

Last affected

c95b86a6c73517a03a52b8c10105dda83fc0ce11

Last affected

cbb6bf60b5d52caeb24683298eea82f353117d40

Last affected

edc370f2ab0f701534dc21a53d75eab668cfd8c1

Last affected

fc5a1e18aafdd66d78e36cabf46560db31895dab

Type: GIT
Repo: https://github.com/cloudfoundry/uaa-release
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2b0f68c74879c286ee85d574c0a65c11a0737036

Last affected

c3e1799168522ce42925bb8831ec528c67181e92

Last affected

c77824c1ab71028a739a1fd5fdff4949ca1b1fe4

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.1

1.1.1

1.1.2

1.10

1.11

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.3.1

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.5.0

1.5.2

1.5.2.1

1.5.3

1.5.4

1.5.4.1

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.7.0

1.7.1

1.7.2

1.8.0

1.8.1

1.8.2

1.8.3

1.9.0

1.9.1

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.1.0

2.2.0

2.2.4

2.2.4.1

2.2.5

2.2.6

2.3.0

2.3.1

2.3.1.1

2.4.0

2.4.1

2.5.0

2.5.1

2.5.2

2.6.0

2.6.1

2.6.2

2.7.0

2.7.0.1

2.7.0.2

2.7.0.3

2.7.1

2.7.2

2.7.3

3.*

3.0.0

3.0.1

3.1.0

3.10.0

3.11.0

3.12.0

3.13.0

3.14.0

3.15.0

3.16.0

3.2.0

3.2.1

3.3.0

3.3.0.1

3.4.0

3.4.1

3.4.2

3.5.0

3.6.0

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.8.0

3.9.0

3.9.1

3.9.2

3.9.3

4.*

4.0.0

4.1.0

4.10.0

4.11.0

4.12.0

4.12.1

4.12.2

4.2.0

4.3.0

4.4.0

4.5.0

4.6.0

4.6.1

4.7.0

4.7.1

4.7.2

4.8.0

4.8.1

4.8.2

4.8.3

4.9.0

Other

ci-upgrade

lenient_hybrid_flow

travis-success-1475

travis-success-1478

travis-success-1497

v10

v11

v12

v13

v14

v15

v16

v17

v18

v19

v20

v21

v22

v23

v24

v25

v26

v27

v28

v30

v31

v33

v39

v40

v41

v43

v44

v45

v50

v51

v52

v53

v54

v55

v56

v57

v11.*

v11.1

v11.2

v11.3

v12.*

v12.1

v12.2

v12.3

v30.*

v30.1