CVE-2018-1262
Description
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.
Risk Information
Base Score
7.2
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.392
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-1262 are fixed in Cloudfoundry-identity-server 4.12.2 | Windows |
| Vulnerabilities CVE-2018-1262 are fixed in Cloudfoundry-identity-server 4.13.4 | Windows |
| Vulnerabilities CVE-2018-1262 are fixed in Cloudfoundry-identity-server for Linux 4.12.2 | Linux |
| Vulnerabilities CVE-2018-1262 are fixed in Cloudfoundry-identity-server for Linux 4.13.4 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234