Cloud Foundry Loggregator Vulnerability Affecting Multiple Versions
CVE-2018-1268

6.8MEDIUM

Key Information:

Vendor: Cloud Foundry
Status: Loggregator
Vendor: CVE Published:; 6 June 2018

🔔 Create Cloud Foundry Vulnerability Alert

What is CVE-2018-1268?

The Cloud Foundry Loggregator is vulnerable due to improper validation of app GUID structures in API requests. This vulnerability allows a remote, authenticated attacker with knowledge of a valid app GUID to craft malicious requests. As a result, they may gain unauthorized access to read from or write to the application's logs, potentially exposing sensitive information and compromising the application's security integrity.

Affected Version(s)

Loggregator 89.x < 89.5

Loggregator 96.x < 96.1

Loggregator 99.x < 99.1

References

https://www.cloudfoundry.org/blog/cve-2018-1268

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2018
Vulnerability Reserved
Dec 6, 2017

CVE-2018-1268 Data

JSON