Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.cloudfoundry.org/blog/cve-2020-5418 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: pivotal
Published: 2020-09-03T01:10:15.621344Z
Updated: 2024-09-17T00:01:00.330Z
Reserved: 2020-01-03T00:00:00
Link: CVE-2020-5418
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-09-03T01:15:10.763
Modified: 2024-11-21T05:34:07.967
Link: CVE-2020-5418
Redhat
No data.