CVE-2018-1198
https://notcve.org/view.php?id=CVE-2018-1198
Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password. Pivotal Cloud Cache, en versiones anteriores a la 1.3.1, imprime una contraseña de superusuario en texto plano durante los logs de implementación de BOSH. Un usuario malicioso con acceso a los logs podría escalar sus privilegios mediante esta contraseña. • https://pivotal.io/security/cve-2018-1198 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2018-11088
https://notcve.org/view.php?id=CVE-2018-11088
Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role. Pivotal Applications Manager en Pivotal Application Service, en versiones 2.0 anteriores a la 2.0.21 y versiones 2.1 anteriores a la 2.1.13 y versiones 2.2 anteriores a la 2.2.5, contiene un error que podría permitir el escalado de privilegios. Un desarrollador de espacio con acceso al org del sistema podría ser capaz de acceder a un artefacto que contiene las credenciales de administrador CF, lo que les permite escalar a un rol admin. • https://pivotal.io/security/cve-2018-11088 •
CVE-2018-11087 – TLS validation error
https://notcve.org/view.php?id=CVE-2018-11087
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit. Pivotal Spring AMQP, en versiones 1.x anteriores a la 1.7.10 y versiones 2.x anteriores a la 2.0.6, expone una vulnerabilidad Man-in-the-Middle (MitM) debido a la falta de validación de nombres de host. Un usuario malicioso que pueda interceptar tráfico sería capaz de ver los datos en tránsito. • https://pivotal.io/security/cve-2018-11087 • CWE-295: Improper Certificate Validation •
CVE-2016-0715
https://notcve.org/view.php?id=CVE-2016-0715
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present. Pivotal Cloud Foundry Elastic Runtime, desde la versión 1.4.0 hasta la 1.4.5, de la 1.5.0 hasta la 1.5.11 y desde la versión 1.6.0 hasta la 1.6.11 es vulnerable a una divulgación de información remota. Se ha detectado que las instrucciones originales de configuración de la mitigación que se proporcionaron como parte de CVE-2016-0708 estaban incompletas y podrían hacer que PHP Buildpack, Staticfile Buildpack y, probablemente, otras aplicaciones Buildpack personalizadas sean vulnerables a la divulgación de información remota. • https://pivotal.io/security/cve-2016-0715 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-11047
https://notcve.org/view.php?id=CVE-2018-11047
Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longer expiration time than access tokens, allowing the possessor of a refresh token to authenticate longer than expected. This affects the administrative endpoints of the UAA. i.e. /Users, /Groups, etc. However, if the user has been deleted or had groups removed, or the client was deleted, the refresh token will no longer be valid. • https://www.cloudfoundry.org/blog/cve-2018-11047 • CWE-863: Incorrect Authorization •