Back to search
CVE-2018-1278
Published: May 11, 2018
Modified: Sep 16, 2024
PUBLISHED
Description
Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org.
| Vendor | Product | Versions |
|---|---|---|
Pivotal | Pivotal Application Service | affected 1.12.x prior to 1.12.22 and 2.0.x prior to 2.0.13 and 2.1.x prior to 2.1.4 |
References
https://pivotal.io/security/cve-2018-1278
x_refsource_CONFIRM
104227
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now