CVE-2018-11086

2018-09-1300:00:00

dell

www.cve.org

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.8%

JSON

Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.

CNA Affected

[
  {
    "product": "Application Service",
    "vendor": "Pivotal ",
    "versions": [
      {
        "lessThan": "2.0.21",
        "status": "affected",
        "version": "2.0",
        "versionType": "custom"
      },
      {
        "lessThan": "2.1.13 ",
        "status": "affected",
        "version": "2.1",
        "versionType": "custom"
      },
      {
        "lessThan": "2.2.5",
        "status": "affected",
        "version": "2.2",
        "versionType": "custom"
      }
    ]
  }
]

References

pivotal.io/security/cve-2018-11086