CVE-2018-1268
MEDIUM
Cloud Foundry Loggregator Authenticated Log Access and Manipulation via Malicious App GUID Requests
Title source: llm
Description
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2018-1268
Scores
CVSS v3
6.8
EPSS
0.0101
EPSS Percentile
59.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
cloudfoundry/loggregator
89 - 89.5
Published
Jun 06, 2018
Tracked Since
Feb 18, 2026