PT-2020-18470 · Cloud Foundry · Cloud Foundry Capi

Published: 2020-09-03 · Updated: 2020-09-11 · CVE-2020-5418

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0

Description: The issue allows authenticated users with only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces, whereas they should see none.

Recommendations: For versions prior to 1.98.0, update to version 1.98.0 or later to resolve the issue.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-5418

Affected Products

Cloud Foundry Capi