CVE-2018-1195

Published: Mar 19, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.

Vendor	Product	Versions
Dell EMC	Cloud Controller	affected `You are using Cloud Controller version prior to 1.46.0` affected `You are using cf-deployment version prior to 1.3.0` affected `You are using cf-release version prior to 283`

References

https://www.cloudfoundry.org/blog/cve-2018-1195/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-1195

Description

Affected Products

References