Vulnerability Name: | CVE-2018-15797 (CCN-154171) | ||||||||||||
Assigned: | 2018-12-03 | ||||||||||||
Published: | 2018-12-03 | ||||||||||||
Updated: | 2020-08-24 | ||||||||||||
Summary: | Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand. | ||||||||||||
CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-532 | ||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-15797 Source: XF Type: UNKNOWN cloudfoundry-cve201815797-info-disc(154171) Source: CONFIRM Type: Vendor Advisory https://www.cloudfoundry.org/blog/cve-2018-15797 Source: CCN Type: Cloud Foundry Blog, December 3, 2018 CVE-2018-15797: NFS volume release errand leaks CF admin credentials in logs | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |