CVE-2018-1190

🗓️ 04 Jan 2018 06:00:00Reported by dellType

An XSS risk in Pivotal Cloud Foundry, UAA for single logout session management

Reporter	Title	Published	Views	Family All 11
Cloud Foundry	CVE-2018-1190: XSS on UAA OpenID Connect check session iframe endpoint \| Cloud Foundry	2 Jan 201800:00	–	cloudfoundry
CNVD	Pivotal Cloud Foundry Runtime cf-release, UAA and UAA bosh cross-site scripting vulnerabilities	8 Jan 201800:00	–	cnvd
Cvelist	CVE-2018-1190	4 Jan 201806:00	–	cvelist
EUVD	EUVD-2022-4320	3 Oct 202520:07	–	euvd
Github Security Blog	Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint	13 May 202201:10	–	github
NVD	CVE-2018-1190	4 Jan 201806:29	–	nvd
OSV	CVE-2018-1190	4 Jan 201806:29	–	osv
OSV	GHSA-J97Q-9XP9-G5FX Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint	13 May 202201:10	–	osv
Prion	Cross site scripting	4 Jan 201806:29	–	prion
Veracode	Cross-site Scripting (XSS)	5 Jan 201806:43	–	veracode

NVD

Node

cloudfoundry cf-releaseRange≤269

pivotal uaaRange3.0.0–3.20.1

pivotal uaa_boshRange≤44

[
  {
    "product": "Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/102427
cloudfoundry	www.cloudfoundry.org/cve-2018-1190/

21 Nov 2024 03:59Current

5.9Medium risk

Vulners AI Score5.9

CVSS 24.3

CVSS 36.1

EPSS0.00217

CWE-79