Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Windows2012R2 stemcell by Cloud Foundry
CVE-2018-1276 (GCVE-0-2018-1276)
Vulnerability from cvelistv5 – Published: 2018-05-17 20:00 – Updated: 2024-09-16 23:16
VLAI
EPSS
VEX
Summary
Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.
Severity
No CVSS data available.
CWE
- Information exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cloudfoundry.org/blog/cve-2018-1276/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cloud Foundry | Windows2012R2 stemcell |
Affected:
versions prior to 1200.17
|
Date Public
2018-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:37.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2018-1276/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows2012R2 stemcell",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "versions prior to 1200.17"
}
]
}
],
"datePublic": "2018-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T19:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2018-1276/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-05-16T00:00:00",
"ID": "CVE-2018-1276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows2012R2 stemcell",
"version": {
"version_data": [
{
"version_value": "versions prior to 1200.17"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2018-1276/",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2018-1276/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1276",
"datePublished": "2018-05-17T20:00:00.000Z",
"dateReserved": "2017-12-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:16:44.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1276 (GCVE-0-2018-1276)
Vulnerability from nvd – Published: 2018-05-17 20:00 – Updated: 2024-09-16 23:16
VLAI
EPSS
VEX
Summary
Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.
Severity
No CVSS data available.
CWE
- Information exposure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cloudfoundry.org/blog/cve-2018-1276/ | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cloud Foundry | Windows2012R2 stemcell |
Affected:
versions prior to 1200.17
|
Date Public
2018-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:37.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2018-1276/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Windows2012R2 stemcell",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "versions prior to 1200.17"
}
]
}
],
"datePublic": "2018-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T19:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2018-1276/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-05-16T00:00:00",
"ID": "CVE-2018-1276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows2012R2 stemcell",
"version": {
"version_data": [
{
"version_value": "versions prior to 1200.17"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2018-1276/",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2018-1276/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1276",
"datePublished": "2018-05-17T20:00:00.000Z",
"dateReserved": "2017-12-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:16:44.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}