CVE-2018-15762: Pivotal Operations Manager gives all users heightened privileges
Pivotal Cloud Foundry
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.
Affected VMware Products and Versions
Severity is critical unless otherwise noted.
- Pivotal Operations Manager
  - versions 2.0.x prior to 2.0.24
  - versions 2.1.x prior to 2.1.15
  - versions 2.2.x prior to 2.2.7
  - versions 2.3.x prior to 2.3.1
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
  - Pivotal Operations Manager: 2.0.24, 2.1.15, 2.2.7, 2.3.1
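To triage a fleet against the version ranges above, the following added example (not part of the original advisory or of any Pivotal tooling) classifies each reported Operations Manager version. The hostnames, the `-build.N` suffix format and the function names are assumptions made for illustration; branches the advisory does not mention are reported as unlisted rather than safe.

```python
import re

# Fixed patch level per affected branch, taken from the advisory text.
FIXED = {(2, 0): 24, (2, 1): 15, (2, 2): 7, (2, 3): 1}

# major.minor.patch with an optional build/pre-release suffix (suffix format assumed).
_VERSION = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?\s*$")


def triage(version):
    """Classify one version string as 'affected', 'fixed', 'unlisted' or 'unparsed'."""
    m = _VERSION.match(version)
    if not m:
        return "unparsed"
    # Compare as integers: as strings, "9" would sort after "24".
    major, minor, patch = (int(g) for g in m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # The advisory says nothing about this branch; do not report it as safe.
        return "unlisted"
    return "affected" if patch < fixed_patch else "fixed"


def triage_inventory(inventory):
    """Map {host: version} to {status: [hosts]} with sorted host lists."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(triage(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and build suffixes are made up).
SAMPLE = {
    "opsman-dev": "2.0.23",
    "opsman-stage": "2.1.15",
    "opsman-prod": "2.2.6-build.296",
    "opsman-lab": "2.3.0",
    "opsman-new": "2.4.0",
    "opsman-old": "1.12.9",
    "opsman-odd": "unknown",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage_inventory(SAMPLE).items()):
        print(f"{status:9} {', '.join(hosts)}")
```

Hosts reported as unlisted or unparsed need a manual check against vendor guidance, since the advisory only covers the 2.0.x through 2.3.x branches.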
2018-10-29: Initial vulnerability report published