CVE-2018-1267

HIGH

Cloudfoundry Silk-release < 0.2.0 - Incorrect Permission Assignment

Description

The Cloud Foundry Silk CNI plugin, in versions prior to 0.2.0, contains an improper access control vulnerability. If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any application can reach any other application on the network regardless of the configured routing policies.

References (1)

Third Party Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2018-1267/

Scores

CVSS v3 8.1
EPSS 0.0033
EPSS Percentile 56.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (1)
cloudfoundry/silk-release < 0.2.0
Published Mar 27, 2018
Tracked Since Feb 18, 2026