CVE-2018-15762: Pivotal Operations Manager gives all users heightened privileges


Severity

Critical

Vendor

Pivotal Cloud Foundry

Description

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.

Affected VMware Products and Versions

Severity is critical unless otherwise noted.

  • Pivotal Operations Manager
    • versions 2.0.x prior to 2.0.24
    • versions 2.1.x prior to 2.1.15
    • versions 2.2.x prior to 2.2.7
    • versions 2.3.x prior to 2.3.1

Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Operations Manager: 2.0.24, 2.1.15, 2.2.7, 2.3.1

History

2018-10-29: Initial vulnerability report published