CVE-2018-1231
HIGHPivotal Software Bosh CLI < 3.0.1 - Incorrect Permission Assignment
Title source: ruleDescription
Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. A user with access to an instance using the BOSH CLI can access the BOSH CLI configuration file and use its contents to perform authenticated requests to BOSH.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2018-1231/
Scores
CVSS v3
8.8
EPSS
0.0029
EPSS Percentile
52.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
pivotal_software/bosh_cli
< 3.0.1
Published
Mar 27, 2018
Tracked Since
Feb 18, 2026