PT-2019-12227 · Pivotal · Pivotal Application Service+1
Publicado
2019-09-20
·
Atualizado
2019-10-09
·
CVE-2019-11280
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Pivotal Application Service versions 2.3.x through 2.3.17
Pivotal Application Service versions 2.4.x through 2.4.13
Pivotal Application Service versions 2.5.x through 2.5.9
Pivotal Application Service versions 2.6.x through 2.6.4
Description
The issue concerns the invitations microservice in Pivotal Apps Manager, which is part of Pivotal Application Service. This microservice allows users to invite others to their organizations. However, a remote authenticated user can exploit this feature to gain additional privileges by inviting themselves to spaces they should not have access to.
Recommendations
For versions 2.3.x through 2.3.17, update to version 2.3.18 or later.
For versions 2.4.x through 2.4.13, update to version 2.4.14 or later.
For versions 2.5.x through 2.5.9, update to version 2.5.10 or later.
For versions 2.6.x through 2.6.4, update to version 2.6.5 or later.
Correção
Improper Privilege Management
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Pivotal Application Service
Pivotal Apps Manager