EUVD-2018-11893

Malware in sbrugna...

Improper Validation Of App GUID

github.com/cloudfoundry/loggregator is vulnerable to improper validation of app GUID. The vulnerability exists due to the improper check on appID in Wrap of logaccessmiddleware.go, allowing remotely authenticated users with the knowledge of an existing appID to read and write to the application's...

Code injection

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests t...

CVE-2018-1268

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests t...

CVE-2018-1268

Summary: CVE-2018-1268 affects Cloud Foundry Loggregator. The issue is improper validation of app GUID structure in Loggregator requests, allowing a remote authenticated user who knows an app GUID to construct requests to read from or write to that app’s logs. Affected versions include Loggregato...

CVE-2018-1268

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests t...

CVE-2018-1268: Loggregator lacks app GUID validation | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using loggregator-release Version 89.x prior to 89.5 Version 96.x prior to 96.1 Version 99.x prior to 99.1 Version 101.x prior to 101.9 Version 102.x prior to 102.2 Description Cloud Foundry...