← Back to CVEs
CVE-2018-1268
MEDIUM6.8
Description
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app.
CVE Details
CVSS v3.1 Score6.8
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
Published6/6/2018
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
cloudfoundry:loggregator
Weaknesses (CWE)
CWE-20
References
https://www.cloudfoundry.org/blog/cve-2018-1268(security_alert@emc.com)
https://www.cloudfoundry.org/blog/cve-2018-1268(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.