Ops Manager uaa client issues tokens after refresh token expiration

The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.

N/A

使用已过期的密钥

Pivotal Software Ops Manager 代码问题漏洞

Pivotal Software Ops Manager是美国Pivotal Software公司的一套开源的平台即服务（PaaS）云计算平台。该平台能够提供容器调度、持续交付和自动化服务部署等功能。 Pivotal Software Ops Manager中存在安全漏洞。攻击者可利用该漏洞获取浏览器会话的访问权限，访问Ops Manager资源。以下产品及版本受到影响：Pivotal Ops Manager 2.2.23之前的2.2.x版本，2.3.16之前的2.3.x版本，2.4.11之前本的2.4.

N/A

N/A