exploitDog

CVE-2018-1256

Опубликовано: 07 мая 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan.

Ссылки

https://pivotal.io/security/cve-2018-1256
Mitigation
Vendor Advisory
https://pivotal.io/security/cve-2018-1256
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vmware:spring_cloud_sso_connector:2.1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00308

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-q4q2-93pw-qwgf

CVSS3: 8.1

github

больше 3 лет назад

Issuer validation regression in Spring Cloud SSO Connector

EPSS

Процентиль: 54%

0.00308

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo