CVE-2018-1268

MEDIUM

Cloud Foundry Loggregator Authenticated Log Access and Manipulation via Malicious App GUID Requests

Title source: llm

Description

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app.

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2018-1268

Scores

CVSS v3 6.8
EPSS 0.0101
EPSS Percentile 59.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-20
Status published
Products (1)
cloudfoundry/loggregator 89 - 89.5
Published Jun 06, 2018
Tracked Since Feb 18, 2026