CVE-2018-1266
Summary
| CVE | CVE-2018-1266 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-03-27 16:29:00 UTC |
| Updated | 2021-09-09 17:16:00 UTC |
| Description | Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance. |
Risk And Classification
Problem Types: CWE-22 | CWE-330
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cloudfoundry | Capi-release | All | All | All | All |
| Application | Pivotal Software | Cloud Controller | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2018-1266: Cloud Controller file modification via malicious application \| Cloud Foundry | CONFIRM | www.cloudfoundry.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.