Improper Access Control Vulnerability in Cloud Foundry BOSH CLI
CVE-2018-1231

8.8 HIGH

Key Information:

CVE Published: 27 March 2018

What is CVE-2018-1231?

The Cloud Foundry BOSH CLI prior to version 3.0.1 is susceptible to an improper access control vulnerability. A user with access to a BOSH instance can read the BOSH CLI configuration file, which could be exploited to perform authenticated requests against the BOSH API. This may lead to unauthorized access to sensitive BOSH functionality.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
