SessionID Exposure in Cloud Foundry Foundation Affected Products
CVE-2018-1192
What is CVE-2018-1192?
In several versions of the Cloud Foundry Foundation's cf-release and UAA, the SessionID was exposed in audit event logs. An attacker who obtains the SessionID from these logs can potentially impersonate a logged-in user, which can lead to unauthorized access and data breaches. SessionIDs should be adequately protected and not logged in potentially accessible locations.
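One way to check audit logs for leaked session identifiers and redact them, as an added example that is not part of the original advisory or of Cloud Foundry's code. The log lines are constructed samples rather than UAA's actual format, and the matched key names (sessionId, JSESSIONID) and the HMAC key are assumptions to adapt.

```python
import hashlib
import hmac
import re

# Assumed key names for a session identifier; adjust to the log format in use.
SESSION_RE = re.compile(
    r"(?i)\b(sessionid|jsessionid)(\s*[=:]\s*)([A-Za-z0-9._~+/-]{8,})"
)

# Constructed sample lines (not copied from a real UAA log).
SAMPLE = [
    "Audit: UserAuthenticationSuccess ('alice'): "
    "origin=[remoteAddress=10.0.0.5, sessionId=9F2C41D7A8B34E0C9D1E5F6A7B8C9D0E]",
    "Audit: TokenIssuedEvent ('cf'): origin=[remoteAddress=10.0.0.5, clientId=cf]",
    "Audit: UserAuthenticationFailure ('alice'): "
    "origin=[RemoteIpAddress: 10.0.0.9; SessionId: 0A1B2C3D4E5F60718293A4B5C6D7E8F9]",
]


def fingerprint(value: str, key: bytes) -> str:
    """Keyed, truncated digest: events stay correlatable, the ID is not replayable."""
    digest = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]
    return f"<redacted:{digest}>"


def redact(line: str, key: bytes) -> str:
    """Replace each raw session ID value in a line with its fingerprint."""
    return SESSION_RE.sub(
        lambda m: m.group(1) + m.group(2) + fingerprint(m.group(3), key), line
    )


def scan(lines):
    """Return 1-based numbers of lines that still carry a raw session ID."""
    return [n for n, line in enumerate(lines, 1) if SESSION_RE.search(line)]


if __name__ == "__main__":
    key = b"sample-key-load-from-a-secret-store"  # assumption: placeholder key
    print("lines exposing a session ID:", scan(SAMPLE))
    for line in SAMPLE:
        print(redact(line, key))
```

Redacting stored logs does not invalidate sessions whose IDs were already written, so affected sessions should also be expired.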
Affected Version(s)
Cloud Foundry Foundation cf-release prior to v285; cf-deployment prior to v1.7; UAA 4.5.x prior to 4.5.5, 4.8.x prior to 4.8.3, and 4.7.x prior to 4.7.4; and UAA-release 45.7.x prior to 45.7, 52.7.x prior to 52.7, and 53.3.x prior to 53.3
