PT-2018-10298 · Pivotal · Pivotal Application Service

Publicado

2018-09-17

Atualizado

2019-10-03

CVE-2018-11086

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Pivotal Application Service versions 2.0 prior to 2.0.21 Pivotal Application Service versions 2.1 prior to 2.1.13 Pivotal Application Service versions 2.2 prior to 2.2.5

Description The issue is related to a bug in the Pivotal Usage Service, which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact containing the CF admin credential, allowing them to escalate to an admin role.

Recommendations For Pivotal Application Service version 2.0, update to version 2.0.21 or later. For Pivotal Application Service version 2.1, update to version 2.1.13 or later. For Pivotal Application Service version 2.2, update to version 2.2.5 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-11086

Produtos afetados

Pivotal Application Service

PT-2018-10298 · Pivotal · Pivotal Application Service

CVE-2018-11086

Identificadores relacionados

Produtos afetados

Referências · 3