PT-2018-10300 · Pivotal · Pivotal Application Manager+1

Published

2018-09-17

Updated

2019-10-03

CVE-2018-11088

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Pivotal Applications Manager in Pivotal Application Service versions 2.0 prior to 2.0.21 Pivotal Applications Manager in Pivotal Application Service versions 2.1 prior to 2.1.13 Pivotal Applications Manager in Pivotal Application Service versions 2.2 prior to 2.2.5

Description The issue is related to a bug that may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact containing the CF admin credential, allowing them to escalate to an admin role.

Recommendations For versions 2.0 prior to 2.0.21, update to version 2.0.21 or later. For versions 2.1 prior to 2.1.13, update to version 2.1.13 or later. For versions 2.2 prior to 2.2.5, update to version 2.2.5 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-11088

Affected Products

Pivotal Application Service

Pivotal Application Manager

PT-2018-10300 · Pivotal · Pivotal Application Manager+1

CVE-2018-11088

Related Identifiers

Affected Products

References · 3