1. Home
  2. CVE Database
  3. CVE-2018-1278
MEDIUM · 6.5

CVE-2018-1278

Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of...

Vulnerability Description

Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
Pivotal SoftwarePivotal Application Service>= 1.12.0, < 1.12.22

Related Weaknesses (CWE)

CWE-863

References

FAQ

What is CVE-2018-1278?

CVE-2018-1278 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of...

How severe is CVE-2018-1278?

CVE-2018-1278 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1278?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Pivotal Application Service.