CVE-2018-1195
N/A
N/A
Summary
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell EMC | Cloud Controller | You are using Cloud Controller version prior to 1.46.0 | affected |
| Dell EMC | Cloud Controller | You are using cf-deployment version prior to 1.3.0 | affected |
| Dell EMC | Cloud Controller | You are using cf-release version prior to 283 | affected |
Weaknesses
- API will accept a refresh token for authentication
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.