PT-2018-11328 · Cloud Foundry · Cloud Foundry Loggregator
Publicado
2018-06-06
·
Atualizado
2020-05-04
·
CVE-2018-1268
CVSS v3.1
6.8
Média
| Vetor | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Cloud Foundry Loggregator versions 89.x prior to 89.5
Cloud Foundry Loggregator versions 96.x prior to 96.1
Cloud Foundry Loggregator versions 99.x prior to 99.1
Cloud Foundry Loggregator versions 101.x prior to 101.9
Cloud Foundry Loggregator versions 102.x prior to 102.2
Description
The issue concerns the lack of validation for app GUID structure in requests. A remote authenticated malicious user, knowing the GUID of an app, may construct malicious requests to read from or write to the logs of that app.
Recommendations
For versions 89.x prior to 89.5, update to version 89.5 or later.
For versions 96.x prior to 96.1, update to version 96.1 or later.
For versions 99.x prior to 99.1, update to version 99.1 or later.
For versions 101.x prior to 101.9, update to version 101.9 or later.
For versions 102.x prior to 102.2, update to version 102.2 or later.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cloud Foundry Loggregator