CVE-2018-1268: Loggregator lacks app GUID validation


Severity

Medium

References

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Application Service
    • 2.2.x versions prior to 2.2.1
    • 2.1.x versions prior to 2.1.6
    • 2.0.x versions prior to 2.0.17
  • PCF Isolation Segment
    • 2.2.x versions prior to 2.2.1
    • 2.1.x versions prior to 2.1.5
    • 2.0.x versions prior to 2.0.13
  • Pivotal Application Service for Windows
    • 2.2.x versions prior to 2.2.1
    • 2.1.x versions prior to 2.1.6
  • Pivotal Application Service for Windows 2012R2
    • 2.2.x versions prior to 2.2.1
    • 2.1.x versions prior to 2.1.5
    • 2.0.x versions prior to 2.0.9

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
  • Releases that have fixed this issue include:
    • Pivotal Application Service: 2.2.1, 2.1.6, 2.0.17
    • Pivotal Isolation Segment: 2.2.1, 2.1.5, 2.0.13
    • Pivotal Application Service for Windows: 2.2.1, 2.1.6
    • Pivotal Application Service for Windows 2012R2: 2.2.1, 2.1.5, 2.0.9