CVE-2018-1190: XSS on UAA OpenID Connect check session iframe endpoint
Severity
Medium
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Pivotal Operations Manager
  - 1.11.x versions prior to 1.11.13
  - 1.10.x versions prior to 1.10.22
- Pivotal Application Service
  - 1.11.x versions prior to 1.11.7
  - 1.10.x versions prior to 1.10.36
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Releases that have fixed this issue include:
  - Pivotal Operations Manager: 2.0.0, 1.12.0, 1.11.13, 1.10.22
  - Pivotal Application Service: 2.0.0, 1.12.0, 1.11.7, 1.10.36