CVE-2018-1278 is a vulnerability in Pivotal Software Pivotal Application Service
Published on May 11, 2018
Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org.
Products Associated with CVE-2018-1278
Want to know whenever a new CVE is published for Pivotal Software Pivotal Application Service? stack.watch will email you.
Affected Versions
Pivotal Application Service Version 1.12.x prior to 1.12.22 and 2.0.x prior to 2.0.13 and 2.1.x prior to 2.1.4 is affected by CVE-2018-1278Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.