PT-2018-11108 · Cloud Foundry · Bosh Cli
Published
2018-03-27
·
Updated
2019-10-03
·
CVE-2018-1231
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cloud Foundry BOSH CLI versions prior to v3.0.1
Description
The issue is related to improper access control. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH.
Recommendations
For versions prior to v3.0.1, update to version v3.0.1 or later to resolve the issue.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bosh Cli