CVE-2018-1195HIGHCVSS 8.8vYou are using Cloud Controller version prior to 1.46.0ยทvYou are using cf-deployment version prior to 1.3.0+1 more2018-03-19
CVE-2018-1195 [HIGH] CWE-613 CVE-2018-1195: In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of cli
cvelistv5nvd