CVE-2018-1278

Name of the Vulnerable Software and Affected Versions Pivotal Application Service versions 1.12.x prior to 1.12.22 Pivotal Application Service versions 2.0.x prior to 2.0.13 Pivotal Application Service versions 2.1.x prior to 2.1.4

Description The issue allows a member of any organization to create invitations to any other organization for which the organization GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas, and other information about the organization.

Recommendations For versions 1.12.x prior to 1.12.22, update to version 1.12.22 or later. For versions 2.0.x prior to 2.0.13, update to version 2.0.13 or later. For versions 2.1.x prior to 2.1.4, update to version 2.1.4 or later.