Description
Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service.
References
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Third Party Advisory, VDB Entry
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 1.78.0 (exclusive)
cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*
EPSS
Percentile: 58%
0.0037
Low
CVSS3: 6.5 Medium
CVSS3: 8.1 High
CVSS2: 5.5 Medium
Weaknesses
CWE-285
CWE-269
Related vulnerabilities
github
more than 3 years ago
Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service.