PT-2018-10300 · Pivotal · Pivotal Application Manager+1

Publicado

2018-09-17

Atualizado

2019-10-03

CVE-2018-11088

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Pivotal Applications Manager in Pivotal Application Service versions 2.0 prior to 2.0.21 Pivotal Applications Manager in Pivotal Application Service versions 2.1 prior to 2.1.13 Pivotal Applications Manager in Pivotal Application Service versions 2.2 prior to 2.2.5

Description The issue is related to a bug that may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact containing the CF admin credential, allowing them to escalate to an admin role.

Recommendations For versions 2.0 prior to 2.0.21, update to version 2.0.21 or later. For versions 2.1 prior to 2.1.13, update to version 2.1.13 or later. For versions 2.2 prior to 2.2.5, update to version 2.2.5 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-11088

Produtos afetados

Pivotal Application Service

Pivotal Application Manager

PT-2018-10300 · Pivotal · Pivotal Application Manager+1

CVE-2018-11088

Identificadores relacionados

Produtos afetados

Referências · 3