CVE-2018-1266: Path Traversal in Capi-release

Severity
8.1 HIGH NVD
EPSS
0.4%
top 40.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 27
Latest update: May 13

Description

Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages: 1 package

🔴 Vulnerability Details

2
GHSA
GHSA-f5h8-wfwr-29f4: Cloud Foundry Cloud Controller, versions prior to 1 (2022-05-13)
CVEList
CVE-2018-1266: Cloud Foundry Cloud Controller, versions prior to 1 (2018-03-27)

💥 Exploits & PoCs

1
Exploit-DB
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution (2019-02-25)

💬 Community

1
Bugzilla
CVE-2018-11737 sleuthkit: Out-of-bounds memory read in tsk/fs/ntfs_dent.cpp:ntfs_fix_idxrec() function allows denial of service (2018-06-08)