{"id":"CVE-2018-1195","details":"In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.","modified":"2026-04-10T04:04:40.874429Z","published":"2018-03-19T18:29:00.327Z","references":[{"type":"ADVISORY","url":"https://www.cloudfoundry.org/blog/cve-2018-1195/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry-attic/cf-release","events":[{"introduced":"0"},{"fixed":"04432ad6d3775a2fe84c5c63cae0b430d3539ad8"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"283"}]}},{"type":"GIT","repo":"https://github.com/cloudfoundry/capi-release","events":[{"introduced":"0"},{"fixed":"5534906e48bd4a2465d0beef8daa7f23be6b8e89"},{"introduced":"0"},{"fixed":"53c2dbe469c52a48b44dc13d102fa928296196ec"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.46.0"},{"introduced":"0"},{"fixed":"1.3.0"}]}}],"versions":["-","1.0.0","1.1.0","1.10.0","1.11.0","1.12.0","1.13.0","1.14.0","1.15.0","1.16.0","1.19.0","1.2.0","1.20.0","1.21.0","1.22.0","1.23.0","1.24.0","1.25.0","1.26.0","1.27.0","1.28.0","1.3.0","1.30.0","1.31.0","1.32.0","1.33.0","1.34.0","1.35.0","1.36.0","1.38.0","1.4.0","1.40.0","1.41.0","1.42.0","1.5.0","1.6.0","1.7.0","1.8.0","1.9.0","list","log","rc145.0","scotty_09012012","v1.0.0","v100","v102","v103","v104","v105","v109","v119","v132","v133","v134","v135","v136","v137","v140","v143","v156","v157","v161","v170","v183","v205","v245","v249","v253","v260","v262","v275","v276","v278","v99","works-for-us"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1195.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}