CVE-2018-1256

State: PUBLISHED · Published: 2018-05-07 · Updated: 2024-09-17 · Assigner: dell

Description

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of the SSO Connector with tokens generated from another service plan.

CWE

(none)

Affected

Pivotal / Spring Cloud SSO Connector — v=2.1.2 [affected]

CVSS

(none)

References

https://pivotal.io/security/cve-2018-1256 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2018/1xxx/CVE-2018-1256.json