PT-2018-11328 · Cloud Foundry · Cloud Foundry Loggregator

Published: 2018-06-06 · Updated: 2020-05-04 · CVE-2018-1268

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Cloud Foundry Loggregator versions 89.x prior to 89.5
Cloud Foundry Loggregator versions 96.x prior to 96.1
Cloud Foundry Loggregator versions 99.x prior to 99.1
Cloud Foundry Loggregator versions 101.x prior to 101.9
Cloud Foundry Loggregator versions 102.x prior to 102.2

Description

The issue concerns the lack of validation for app GUID structure in requests. A remote authenticated malicious user, knowing the GUID of an app, may construct malicious requests to read from or write to the logs of that app.

Recommendations

For versions 89.x prior to 89.5, update to version 89.5 or later.
For versions 96.x prior to 96.1, update to version 96.1 or later.
For versions 99.x prior to 99.1, update to version 99.1 or later.
For versions 101.x prior to 101.9, update to version 101.9 or later.
For versions 102.x prior to 102.2, update to version 102.2 or later.
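
A triage helper for the update guidance above, added here as an example (not code from the advisory or from Cloud Foundry): it compares a deployed Loggregator release version against the fixed versions listed in this advisory. The deployment names and version strings in the sample inventory are constructed, and release lines the advisory does not mention are reported as not listed rather than assumed safe.

```python
import re

# Fixed release per affected line, copied from the advisory text.
FIXED = {89: (89, 5), 96: (96, 1), 99: (99, 1), 101: (101, 9), 102: (102, 2)}

_VERSION = re.compile(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?$")


def parse_version(text):
    """Parse 'MAJOR[.MINOR[.PATCH]]' (optional leading 'v') into a tuple of ints."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) if part else 0 for part in match.groups())


def triage(version_text):
    """Return (status, fixed_version_or_None) for one deployed release version."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The advisory says nothing about this release line.
        return ("not-listed", None)
    fixed_text = ".".join(str(part) for part in fixed)
    # Compare numerically: as strings, "101.10" would sort before "101.9".
    if version[:2] < fixed:
        return ("affected", fixed_text)
    return ("fixed", fixed_text)


def triage_inventory(inventory):
    """Map each deployment name to its status; bad version strings are flagged."""
    report = {}
    for name, version_text in inventory.items():
        try:
            report[name] = triage(version_text)[0]
        except ValueError:
            report[name] = "unparseable"
    return report


# Constructed sample inventory (hypothetical deployment names and versions).
SAMPLE_INVENTORY = {"prod-east": "101.10", "prod-west": "101.8",
                    "staging": "96.0", "lab": "100.3", "legacy": "latest"}

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```
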

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2018-1268

Affected Products

Cloud Foundry Loggregator