Vulnerability Report

CVE-2018-1190

Title: Pivotal Uaa Bosh Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS)

Proof Of Concept

No public PoC currently indexed for CVE-2018-1190.

CWE Category CWE-79

Published Date Jan 04, 2018

Modified Date Nov 21, 2024

Exploit Status Not Found

Score 6.1 CVSS v3.0

Exploit Probability (EPSS)

0.22%

Vulnerability Summary

CVE-2018-1190: An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.

Impacted Vendors

cloudfoundry 1

pivotal 2

Reference Links

http://www.securityfocus.com/bid/102427 https://www.cloudfoundry.org/cve-2018-1190/ http://www.securityfocus.com/bid/102427 https://www.cloudfoundry.org/cve-2018-1190/

CVSS v3.0

Source Entity [email protected]

Severity MEDIUM

6.1

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

REQUIRED

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

CHANGED

RAW VECTOR CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

4.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:N/I:P/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2018-1190 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

November 21, 2024 MODIFIED

Vulnerability data or affected products updated.

January 04, 2018 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity LOW

Privileges N/A

Interaction REQUIRED

CVSS Vector String


                                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Stack

No specific products linked.