CVE-2018-11088

Summary

Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.

Affected Software

VendorProductVersion RangeStatus
PivotalApplication Service2.0 < 2.0.21affected
PivotalApplication Service2.1 < 2.1.13affected
PivotalApplication Service2.2 < 2.2.5affected

Weaknesses

  • Credential leak

ADP Enrichment

CVE Program Container

Additional References

References