Privilege Escalation Vulnerability in Pivotal Application Service by Pivotal
CVE-2018-11086

8.8HIGH

Key Information:

Vendor

Pivotal

Vendor
CVE Published:
17 September 2018

What is CVE-2018-11086?

A vulnerability in Pivotal Application Service allows a space developer with system org access to retrieve an artifact containing CF admin credentials. This could enable unauthorized escalation of privileges to gain admin access, highlighting a significant security risk for installations running affected versions of the software.

Affected Version(s)

Application Service 2.0 < 2.0.21

Application Service 2.1 < 2.1.13

Application Service 2.2 < 2.2.5

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.