CVE-2018-1190: XSS on UAA OpenID Connect check session iframe endpoint
Severity

Medium

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Operations Manager
    • 1.11.x versions prior to 1.11.13
    • 1.10.x versions prior to 1.10.22
  • Pivotal Application Service
    • 1.11.x versions prior to 1.11.7
    • 1.10.x versions prior to 1.10.36

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
  • Releases that have fixed this issue include:
    • Pivotal Operations Manager: 2.0.0, 1.12.0, 1.11.13, 1.10.22
    • Pivotal Application Service: 2.0.0, 1.12.0, 1.11.7, 1.10.36