CVE-2018-1267

HIGH

Cloud Foundry Silk CNI plugin < 0.2.0 - Improper Access Control via Overlapping Application Security Group


Description

Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any application can reach any other application on the network regardless of the configured routing policies.
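
An operator can audit for the condition described above by checking whether any ASG rule destination intersects the overlay range. The following is an added example, not code from the advisory or from Cloud Foundry; the overlay CIDR value, the sample rules and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the operator supplies the overlay CIDR from their own Silk
# configuration; this value is a sample for the demonstration.
OVERLAY_CIDR = "10.255.0.0/16"

# Constructed sample ASG rules (protocol / destination / ports).
SAMPLE_RULES = [
    {"protocol": "tcp", "destination": "10.0.0.0/8", "ports": "443"},
    {"protocol": "all", "destination": "10.254.255.0-10.255.0.10"},
    {"protocol": "tcp", "destination": "192.168.1.10", "ports": "5432"},
    {"protocol": "udp", "destination": "172.16.0.0-172.16.255.255", "ports": "53"},
]


def destination_networks(destination):
    """Expand an ASG destination (IP, CIDR, or 'start-end' range) into networks."""
    if "-" in destination:
        start, end = (ipaddress.ip_address(p.strip()) for p in destination.split("-", 1))
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(destination.strip(), strict=False)]


def overlapping_rules(rules, overlay_cidr):
    """Return (index, destination, reason) for every rule that needs review."""
    overlay = ipaddress.ip_network(overlay_cidr)
    findings = []
    for index, rule in enumerate(rules):
        destination = rule.get("destination")
        try:
            networks = destination_networks(destination)
        except (AttributeError, TypeError, ValueError) as exc:
            # Fail closed: a rule that cannot be parsed is flagged, not skipped.
            findings.append((index, destination, f"unparseable: {exc}"))
            continue
        if any(net.overlaps(overlay) for net in networks):
            findings.append((index, destination, f"overlaps {overlay}"))
    return findings


if __name__ == "__main__":
    for index, destination, reason in overlapping_rules(SAMPLE_RULES, OVERLAY_CIDR):
        print(f"rule {index}: {destination} -> {reason}")
```

A broad rule such as `10.0.0.0/8` is flagged even though it never names the overlay range explicitly, which is the case most likely to be missed in a manual review.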

References (1)

Third Party Advisory (x_refsource_confirm)
https://www.cloudfoundry.org/blog/cve-2018-1267/

Scores

CVSS v3 8.1
EPSS 0.0099
EPSS Percentile 57.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (1)
cloudfoundry/silk-release < 0.2.0
Published Mar 27, 2018
Tracked Since Feb 18, 2026