{"id":"CVE-2018-1192","details":"In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.","aliases":["GHSA-xg5v-696h-c3vr"],"modified":"2026-03-20T11:21:47.160886Z","published":"2018-02-01T20:29:00.247Z","references":[{"type":"ADVISORY","url":"https://www.cloudfoundry.org/blog/cve-2018-1192/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/cf-release","events":[{"introduced":"0"},{"fixed":"45d47f7ac8aced2f54e6fadf375ebc08f2e9d05f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"285"}]}},{"type":"GIT","repo":"https://github.com/cloudfoundry/uaa","events":[{"introduced":"df80f632e613efdf64a262dec4d015f1ccf9b8d6"},{"fixed":"830768517c01cb62bb6dd2c47220a718f7ff9fa3"},{"introduced":"754f2716d3d8f2e227952f74adcfde5378b17b96"},{"fixed":"6502d3b1a267fecc5392f93dfc2727d4451e930f"},{"introduced":"391163ebad397b8f3eb5298aa01412dd94c9a176"},{"fixed":"782856925a559640b8a442f261b614df4376b034"},{"introduced":"0"},{"fixed":"585adc1bde0b242e204b6a6300e19ee5283c2bbe"}],"database_specific":{"versions":[{"introduced":"4.5.0"},{"fixed":"4.5.5"},{"introduced":"4.7.0"},{"fixed":"4.7.4"},{"introduced":"4.8.0"},{"fixed":"4.8.3"},{"introduced":"0"},{"fixed":"1.7"}]}},{"type":"GIT","repo":"https://github.com/cloudfoundry/uaa-release","events":[{"introduced":"0"},{"last_affected":"73a447e383811cdcab85c57c5f0480eb715ceb22"},{"introduced":"0"},{"last_affected":"750add865cb9aa6bff5a95516791264e1d2e6529"},{"introduced":"0"},{"last_affected":"bc6b5748b05e80dbd659b39e0b993be08c2231dc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"45.7"},{"introduced":"0"},{"last_affected":"52.7"},{"introduced":"0"},{"last_affected":"53.3"}]}}],"versions":["-","4.5.0","4.5.1","4.5.2","4.5.3","4.5.4","4.6.0","4.6.1","4.7.0","4.7.1","4.7.2","4.7.3","4.8.0","4.8.1","4.8.2","ci-upgrade","list","log","rc145.0","scotty_09012012","v","v10","v100","v101","v102","v103","v104","v105","v106","v107","v108","v109","v11","v11.1","v11.2","v11.3","v110","v111","v112","v113","v114","v115","v116","v117","v118","v119","v119-fixed","v12","v12.1","v12.2","v12.3","v120","v121","v122","v123","v124","v125","v126","v127","v128","v129","v13","v130","v131","v132","v133","v134","v135","v136","v137","v138","v139","v14","v140","v141","v142","v143","v144","v145","v146","v147","v148","v149","v15","v150","v151","v152","v153","v154","v155","v156","v157","v158","v159","v16","v160","v161","v162","v163","v164","v165","v166","v168","v169","v17","v170","v171","v172","v173","v175","v176","v177","v178","v179","v18","v180","v182","v183","v186","v187","v188","v189","v19","v190","v191","v192","v193","v194","v195","v196","v197","v198","v199","v2","v20","v200","v201","v202","v203","v204","v205","v206","v207","v208","v209","v21","v210","v211","v212","v213","v214","v215","v217","v218","v219","v22","v220","v221","v222","v223","v224","v225","v226","v227","v228","v229","v23","v230","v231","v232","v233","v234","v235","v236","v237","v238","v239","v24","v240","v241","v242","v243","v244","v245","v246","v247","v248","v249","v25","v250","v251","v252","v253","v254","v255","v256","v257","v258","v259","v26","v260","v261","v262","v263","v264","v265","v266","v267","v268","v269","v27","v270","v271","v272","v273","v274","v275","v276","v277","v278","v279","v28","v280","v281","v282","v283","v284","v3","v30","v30.1","v31","v33","v39","v4","v40","v41","v43","v44","v45","v45.5","v45.6","v45.7","v5","v50","v51","v52","v52.1","v52.2","v52.4","v52.5","v52.6","v52.7","v53","v53.1","v53.2","v53.3","v6","v68","v69","v7","v70","v71","v72","v73","v74","v75","v76","v77","v78","v79","v8","v80","v81","v82","v83","v84","v85","v86","v87","v88","v89","v9","v90","v91","v92","v93","v94","v95","v95-fixed","v96","v97","v98","v99","works-for-us"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1192.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}