CVE-2018-1200: Apps Manager File Access Vulnerability
Severity
High
Vendor
Pivotal
Description
Apps Manager for PCF allows unprivileged remote file read in its container via specially-crafted links.
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- Pivotal Application Service:
- 1.11.x versions prior to 1.11.26
- 1.12.x versions prior to 1.12.14
- 2.0.x versions prior to 2.0.5
- Please note: PAS versions prior to 1.11 are not affected.
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
- Pivotal Application Service: 1.11.26, 1.12.14, 2.0.5
History
2018-02-13: Initial vulnerability report published