Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.
[
{
"product": "Application Service",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "2.0.21",
"status": "affected",
"version": "2.0",
"versionType": "custom"
},
{
"lessThan": "2.1.13",
"status": "affected",
"version": "2.1",
"versionType": "custom"
},
{
"lessThan": "2.2.5",
"status": "affected",
"version": "2.2",
"versionType": "custom"
}
]
}
]