exploitDog

CVE-2018-1266

Опубликовано: 27 мар. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 6.5

EPSS Низкий

Описание

Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance.

Ссылки

https://www.cloudfoundry.org/blog/cve-2018-1266/
Third Party Advisory
https://www.cloudfoundry.org/blog/cve-2018-1266/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*

Версия до 1.52.0 (исключая)

EPSS

Процентиль: 59%

0.00387

Низкий

8.1 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-f5h8-wfwr-29f4

CVSS3: 8.1

github

больше 3 лет назад

Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance.

EPSS

Процентиль: 59%

0.00387

Низкий

8.1 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-22