High severity7.2NVD Advisory· Published May 15, 2018· Updated Jun 17, 2026
CVE-2018-1262
CVE-2018-1262
Description
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.cloudfoundry.identity:cloudfoundry-identity-serverMaven | >= 4.12.0, < 4.12.2 | 4.12.2 |
org.cloudfoundry.identity:cloudfoundry-identity-serverMaven | >= 4.13.0, < 4.13.4 | 4.13.4 |
Affected products
2- ghsa-coordsRange: >= 4.12.0, < 4.12.2
- Cloud Foundry/CloudFoundry UAAv5Range: 4.12.X and 4.13.X
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-8v97-gv3g-32rfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-1262ghsaADVISORY
- www.cloudfoundry.org/blog/cve-2018-1262/nvdThird Party Advisory
- github.com/cloudfoundry/uaa/commit/14c745aa293b8d3ce9cdd6bfbc6c0ef3f269b21ghsaWEB
- github.com/cloudfoundry/uaa/commit/dccd3962f969913996ee88f653fce3b108c0205ghsaWEB
- www.cloudfoundry.org/blog/cve-2018-1262ghsaWEB
News mentions
0No linked articles in our index yet.