CVE-2018-1266

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-1266

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1266.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1266

Published

2018-03-27T16:29:00.420Z

Modified

2026-04-10T04:04:59.317017Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance.

References

https://www.cloudfoundry.org/blog/cve-2018-1266/

Affected packages

Git / github.com/cloudfoundry/capi-release

Affected ranges

Type

GIT

Repo

https://github.com/cloudfoundry/capi-release

Events

Introduced

Fixed

46f131f983d93e56f606a80c489931461ac60680

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.52.0"
        }
    ]
}

Affected versions

1.*

1.0.0

1.1.0

1.10.0

1.11.0

1.12.0

1.13.0

1.14.0

1.15.0

1.16.0

1.19.0

1.2.0

1.20.0

1.21.0

1.22.0

1.23.0

1.24.0

1.25.0

1.26.0

1.27.0

1.28.0

1.3.0

1.30.0

1.31.0

1.32.0

1.33.0

1.34.0

1.35.0

1.36.0

1.38.0

1.4.0

1.40.0

1.41.0

1.42.0

1.46.0

1.47.0

1.49.0

1.5.0

1.50.0

1.51.0

1.6.0

1.7.0

1.8.0

1.9.0

v1.*

v1.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1266.json"