
CVE-2018-1231: BOSH CLI does not restrict access to configuration file | Cloud Foundry

2018-03-26 00:00:00
Cloud Foundry
www.cloudfoundry.org

EPSS: 0.001 (Low)
Percentile: 36.9%

Severity

Medium

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • You are using a BOSH CLI version prior to v3.0.1

Description

Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • BOSH CLI v3.0.1
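
The following check is an added example, not part of the original advisory or the BOSH project's code: it reports whether a BOSH CLI configuration file can be accessed by anyone other than its owner. It assumes the file is at `$BOSH_CONFIG` or `~/.bosh/config` and that the exposure shows up as group/other permission bits; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit who can access a BOSH CLI configuration file.
# Assumption: the file is at $BOSH_CONFIG or ~/.bosh/config (the advisory
# does not state the path).

# Print the octal permission bits of a path (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if only the owner has any access, 1 if group or other have
# any permission bit set, 2 if the file is missing or cannot be inspected.
check_bosh_config() {
    cfg=$1
    [ -e "$cfg" ] || return 2
    mode=$(file_mode "$cfg") || return 2
    # Mask off everything except the group and other bits (octal 077).
    if [ $(( 0$mode & 077 )) -eq 0 ]; then
        return 0
    fi
    return 1
}

# Human-readable report for one config file (default path is an assumption).
audit_bosh_config() {
    cfg=${1:-${BOSH_CONFIG:-$HOME/.bosh/config}}
    rc=0
    check_bosh_config "$cfg" || rc=$?
    case $rc in
        0) echo "OK: $cfg is accessible by its owner only" ;;
        1) echo "WARN: $cfg has mode $(file_mode "$cfg"); group/other can access it." \
                "Upgrade BOSH CLI to v3.0.1 or later and restrict the file to its owner." ;;
        2) echo "SKIP: $cfg not found or not inspectable" ;;
    esac
}

audit_bosh_config "$@"
```

Run it as each account that uses the BOSH CLI on a shared instance; a `WARN` line means the stored contents should be treated as exposed to other local users.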

Credit

This issue was responsibly reported by the VMware team.

History

2018-03-26: Initial vulnerability report published.
