All Vulnerability Reports

CVE-2018-11041: UAA open redirect


Severity

High

References
Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Operations Manager
    • 2.1.x versions prior to 2.1.7
    • 2.0.x versions prior to 2.0.16
  • Pivotal Application Service
    • 2.1.x versions prior to 2.1.8
    • 2.0.x versions prior to 2.0.17
Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
  • Releases that have fixed this issue include:
    • Pivotal Operations Manager: 2.2.0, 2.1.7, 2.0.16
    • Pivotal Application Service 2.2.0, 2.1.8, 2.0.17