CVE-2018-1276

MEDIUM

6.5

CVSS Severity Score

EPSS Score0.0700%

EPSS Percentile35.45th

PublishedMay 17, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.

Affected Platforms (CPE)

📦

Pivotal Software

Windows Stemcells

< 1200.17

References & Advisories

🔗 https://www.cloudfoundry.org/blog/cve-2018-1276/

Related Vulnerabilities

CVE-2018-11978.5

In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to acc...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...