CVE-2018-15762: Pivotal Operations Manager gives all users heightened privileges
Severity
Critical
Vendor
Pivotal Cloud Foundry
Description
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.
Affected VMware Products and Versions
Severity is critical unless otherwise noted.
- Pivotal Operations Manager
  - versions 2.0.x prior to 2.0.24
  - versions 2.1.x prior to 2.1.15
  - versions 2.2.x prior to 2.2.7
  - versions 2.3.x prior to 2.3.1
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
  - Pivotal Operations Manager: 2.0.24, 2.1.15, 2.2.7, 2.3.1
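The following is an added triage example, not code from the advisory or from Pivotal/VMware. It encodes the affected version ranges and the fixed releases exactly as listed above, classifies a given Operations Manager version as affected, fixed, or outside the advisory's scope, and reports which installations in an inventory still need the upgrade. The hostnames and inventory lines are constructed sample data; the handling of a trailing "-build.NNN" suffix is an assumption, since the advisory itself shows bare version numbers only.

```python
"""Version triage for CVE-2018-15762 in Pivotal Operations Manager.

Added example (not the advisory's or the vendor's code). Affected ranges
and fixed releases are taken verbatim from the advisory; everything else,
including the sample inventory, is constructed for illustration.
"""
import re

# First fixed patch release for each affected minor line, from the advisory.
FIXED_RELEASES = {
    (2, 0): (2, 0, 24),
    (2, 1): (2, 1, 15),
    (2, 2): (2, 2, 7),
    (2, 3): (2, 3, 1),
}

# MAJOR.MINOR.PATCH with an optional "-<suffix>" (assumption: covers build
# suffixes such as "-build.296"; the advisory lists bare versions only).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-\S+)?$")


def parse_version(text):
    """Return (major, minor, patch); raise ValueError on unexpected input."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(int(part) for part in m.groups())


def assess(version):
    """Classify one version as 'affected', 'fixed' or 'not_listed'.

    'not_listed' means the minor line is not named in the advisory (for
    example 1.x or 2.4.x); the function does not guess about those lines.
    """
    major, minor, patch = parse_version(version)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        return {"version": version, "status": "not_listed", "upgrade_to": None}
    if (major, minor, patch) < fixed:
        return {"version": version, "status": "affected",
                "upgrade_to": "%d.%d.%d" % fixed}
    return {"version": version, "status": "fixed", "upgrade_to": None}


def installs_needing_upgrade(inventory):
    """Scan 'hostname version' lines.

    Returns (affected, skipped): affected is a list of (host, current, fix)
    for every install still in an affected range; skipped lists lines that
    could not be parsed, so they are surfaced instead of treated as safe.
    """
    affected, skipped = [], []
    for line in inventory:
        parts = line.split()
        if len(parts) != 2:
            skipped.append(line)
            continue
        host, version = parts
        try:
            verdict = assess(version)
        except ValueError:
            skipped.append(line)
            continue
        if verdict["status"] == "affected":
            affected.append((host, version, verdict["upgrade_to"]))
    return affected, skipped


# Constructed sample inventory (not real hosts or real data).
SAMPLE_INVENTORY = [
    "opsman-lab-01 2.0.23",
    "opsman-lab-02 2.0.24",
    "opsman-prod-a 2.2.6-build.296",
    "opsman-prod-b 2.3.1",
    "opsman-old 1.12.5",
    "broken-line",
]

if __name__ == "__main__":
    needs_fix, unparsed = installs_needing_upgrade(SAMPLE_INVENTORY)
    for host, current, fix in needs_fix:
        print("%s: %s is affected, upgrade to %s" % (host, current, fix))
    for line in unparsed:
        print("could not parse inventory line: %r" % line)
```

The comparison is done on the (major, minor, patch) tuple within the same minor line, so 2.0.23 is reported as affected while 2.0.24 is not, and versions outside the four listed lines are reported as not listed rather than assumed safe.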
History
2018-10-29: Initial vulnerability report published