CVE-2018-11083

Bosh accepts refresh tokens in place of an access token

Severity Score: 8.1 (CVSS v3.1)
Exploit Likelihood: - (EPSS)
Affected Versions: listed below (CPE)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Description

Cloud Foundry BOSH, versions v264 prior to v264.14.0, v265 prior to v265.7.0, v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be used as access tokens when using UAA for authentication. A remote attacker holding an admin refresh token issued by UAA can use it to access BOSH resources without ever obtaining an access token, even if that user no longer has access to those resources.

*Credits: N/A
CVSS Scores

CVSS v3.1 (score 8.1):
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS v3 (second vector):
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS v2:
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2018-05-14 CVE Reserved
  • 2018-10-05 CVE Published
  • 2024-07-20 EPSS Updated
  • 2024-08-05 CVE Updated
  • Exploited in Wild: not recorded
  • KEV Due Date: not recorded
  • First Exploit: not recorded
Affected Vendors, Products, and Versions

Vendor         Product  Version                 Other  Status
Cloud Foundry  Bosh     >= 264.1 < 264.14.0     -      Affected
Cloud Foundry  Bosh     >= 265.1.0 < 265.7.0    -      Affected
Cloud Foundry  Bosh     >= 266.2.0 < 266.8.0    -      Affected