CVE-2018-1268
Last modified
CVE-2018-1268 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app.. EPSS estimates a 1.01% chance of exploitation in the next 30 days.
Description
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app.
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cloudfoundry | Loggregator | >= 89, < 89.5 |
| Cloudfoundry | Loggregator | >= 96, < 96.1 |
| Cloudfoundry | Loggregator | >= 99, < 99.1 |
| Cloudfoundry | Loggregator | >= 101, < 101.9 |
| Cloudfoundry | Loggregator | >= 102, < 102.2 |
References
- https://www.cloudfoundry.org/blog/cve-2018-1268Vendor Advisory
- https://www.cloudfoundry.org/blog/cve-2018-1268Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1268?
How severe is CVE-2018-1268?
How do I fix CVE-2018-1268?
Are you affected by CVE-2018-1268?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST