CVE-2018-1278 Information
Feb 14, 2021
cve
Description
Apps Manager included in Pivotal Application Service versions 1.12.x prior to 1.12.22 2.0.x prior to 2.0.13 and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list domains quotas and other information about the org.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Reference
http://www.securityfocus.com/bid/104227 https://pivotal.io/security/cve-2018-1278
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
6.5
Share on: