CVE-2018-15795 – CredHub Service Broker uses guessable client secret
https://notcve.org/view.php?id=CVE-2018-15795
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation when creating the service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service. Dell EMC RecoverPoint, versions prior to 5.1.2.1, and RecoverPoint for VMs, versions prior to 5.2.0.2, contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may be able to consume large amounts of CPU bandwidth to slow the system down, or determine the existence of any system file via the Boxmgmt command-line interface. • http://www.securityfocus.com/bid/105915 https://pivotal.io/security/cve-2018-15795 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVE-2018-15796 – Signing Key Extraction in Bits Service Release
https://notcve.org/view.php?id=CVE-2018-15796
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the Bits Service storage. • https://www.cloudfoundry.org/blog/cve-2018-15796 • CWE-326: Inadequate Encryption Strength •
CVE-2018-15762 – Pivotal Operations Manager gives all users heightened privileges
https://notcve.org/view.php?id=CVE-2018-15762
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman. • https://pivotal.io/security/cve-2018-15762 • CWE-269: Improper Privilege Management •
CVE-2018-15758 – Privilege Escalation in spring-security-oauth2
https://notcve.org/view.php?id=CVE-2018-15758
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. • http://www.securityfocus.com/bid/105687 https://access.redhat.com/errata/RHSA-2019:2413 https://pivotal.io/security/cve-2018-15758 https://access.redhat.com/security/cve/CVE-2018-15758 https://bugzilla.redhat.com/show_bug.cgi?id=1643048 • CWE-285: Improper Authorization •
CVE-2018-11081 – Pivotal Operations Manager UAA config - temp Ram Disk
https://notcve.org/view.php?id=CVE-2018-11081
Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly on disk. A remote user who has gained access to the Operations Manager VM can search the file system and find the UAA credentials for Operations Manager on the system disk. • https://pivotal.io/security/cve-2018-11081 •