PT-2018-10298 · Pivotal · Pivotal Application Service
Published
2018-09-17
·
Updated
2019-10-03
·
CVE-2018-11086
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Pivotal Application Service versions 2.0 prior to 2.0.21
Pivotal Application Service versions 2.1 prior to 2.1.13
Pivotal Application Service versions 2.2 prior to 2.2.5
Description
The issue is related to a bug in the Pivotal Usage Service, which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact containing the CF admin credential, allowing them to escalate to an admin role.
Recommendations
For Pivotal Application Service version 2.0, update to version 2.0.21 or later.
For Pivotal Application Service version 2.1, update to version 2.1.13 or later.
For Pivotal Application Service version 2.2, update to version 2.2.5 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Pivotal Application Service