All Vulnerability Reports

CVE-2018-1200: Apps Manager File Access Vulnerability


Severity

High

Vendor

Pivotal

Description

Apps Manager for PCF allows unprivileged remote file read in its container via specially-crafted links.

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Application Service:
    • 1.11.x versions prior to 1.11.26
    • 1.12.x versions prior to 1.12.14
    • 2.0.x versions prior to 2.0.5
  • Please note: PAS versions prior to 1.11 are not affected.
Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Application Service: 1.11.26, 1.12.14, 2.0.5
History

2018-02-13: Initial vulnerability report published