cvedb.io
CVE-2018-1262
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2018-05-15T20:29:00.400 · Last modified 2026-06-17T01:50:51.680

Summary

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

Affected products

pivotal_software — cloud_foundry_uaa

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.