CVE-2018-1268

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1268

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1268.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1268

Published

2018-06-06T20:29:00Z

Modified

2025-01-14T07:22:29.210854Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app.

References

https://www.cloudfoundry.org/blog/cve-2018-1268

Affected packages

Git / github.com/cloudfoundry/loggregator-release

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/loggregator-release
Events: Introduced

c028548a7e1525e5ea7e0f99f3889e7d13a6332c

Fixed

0a7879104ee30a9d333954266e42933c0b209b8d

Affected versions

Other

v89

v89.*

v89.2

v89.3

v89.4