← back
CVE-2018-1190

CVE-2018-1190

EPSS 0.8%
An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.
Affected products
n/a · Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cloudfoundry.org/cve-2018-1190/http://www.securityfocus.com/bid/102427