{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "fixed": "285"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "45d47f7ac8aced2f54e6fadf375ebc08f2e9d05f"
            }
          ],
          "repo": "https://github.com/cloudfoundry/cf-release",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "4.5.0"
              },
              {
                "fixed": "4.5.5"
              },
              {
                "introduced": "4.7.0"
              },
              {
                "fixed": "4.7.4"
              },
              {
                "introduced": "4.8.0"
              },
              {
                "fixed": "4.8.3"
              },
              {
                "introduced": "0"
              },
              {
                "fixed": "1.7"
              }
            ]
          },
          "events": [
            {
              "introduced": "df80f632e613efdf64a262dec4d015f1ccf9b8d6"
            },
            {
              "fixed": "830768517c01cb62bb6dd2c47220a718f7ff9fa3"
            },
            {
              "introduced": "754f2716d3d8f2e227952f74adcfde5378b17b96"
            },
            {
              "fixed": "6502d3b1a267fecc5392f93dfc2727d4451e930f"
            },
            {
              "introduced": "391163ebad397b8f3eb5298aa01412dd94c9a176"
            },
            {
              "fixed": "782856925a559640b8a442f261b614df4376b034"
            },
            {
              "introduced": "0"
            },
            {
              "fixed": "585adc1bde0b242e204b6a6300e19ee5283c2bbe"
            }
          ],
          "repo": "https://github.com/cloudfoundry/uaa",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "45.7"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "52.7"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "53.3"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "73a447e383811cdcab85c57c5f0480eb715ceb22"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "750add865cb9aa6bff5a95516791264e1d2e6529"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "bc6b5748b05e80dbd659b39e0b993be08c2231dc"
            }
          ],
          "repo": "https://github.com/cloudfoundry/uaa-release",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user.",
  "id": "CVE-2018-1192",
  "modified": "2026-03-13T21:51:44.651390311Z",
  "published": "2018-02-01T20:29:00.247Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://www.cloudfoundry.org/blog/cve-2018-1192/"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}