PT-2016-4482 · Pivotal+1 · Rabbitmq

Published: 2016-09-18 · Updated: 2016-11-28 · CVE-2016-0929

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

RabbitMQ for Pivotal Cloud Foundry (PCF) versions 1.6.x through 1.6.3

Description

The issue allows context-dependent attackers to obtain sensitive information by reading the log data. This is because the metrics-collection component logs command lines of failed commands, which might include sensitive information such as credentials. For example, a syslog message could contain credentials from a command line.

Recommendations

For RabbitMQ for Pivotal Cloud Foundry (PCF) versions 1.6.x through 1.6.3, update to version 1.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to log data to minimize the risk of sensitive information disclosure.
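The weakness class described above, shown as an added example that is not part of this advisory or the vendor's fix: a failed command's argument list is masked before it is written to a log line. The option names, regular expressions and sample command lines are assumptions constructed for illustration, and the masking is best-effort; not logging arguments at all is the stronger control.

```python
import re
import shlex

MASK = "REDACTED"
# Constructed option list for this example; extend it for the tools you wrap.
SECRET_OPT = re.compile(r"^--?(?:password|passwd|pass|token|secret)$", re.I)
USERPASS_OPT = {"-u", "--user"}  # curl-style "user:password" value
SECRET_KV = re.compile(r"^(-{0,2}[\w.-]*(?:pass|token|secret)[\w.-]*)=.+$", re.I)
URL_USERINFO = re.compile(r"([a-z][a-z0-9+.-]*://[^/\s:@]+):[^@\s/]+@", re.I)

def redact_argv(argv):
    """Return a copy of argv with credential-bearing values masked."""
    out, pending = [], None
    for arg in argv:
        if pending == "all":                      # value of --password etc.
            out.append(MASK)
        elif pending == "userpass":               # value of -u / --user
            user, sep, _ = arg.partition(":")
            out.append(f"{user}:{MASK}" if sep else arg)
        elif SECRET_KV.match(arg):                # --password=... / X_TOKEN=...
            out.append(SECRET_KV.sub(rf"\1={MASK}", arg))
        else:                                     # scheme://user:pass@host
            out.append(URL_USERINFO.sub(rf"\1:{MASK}@", arg))
        # Decide how the next argument must be treated.
        if pending is None and SECRET_OPT.match(arg):
            pending = "all"
        elif pending is None and arg in USERPASS_OPT:
            pending = "userpass"
        else:
            pending = None
    return out

def failed_command_log(argv, rc, redact=True):
    """Build the log line for a failed command; redact=False reproduces the leak."""
    shown = redact_argv(argv) if redact else argv
    return f"command failed rc={rc}: {shlex.join(shown)}"

# Constructed sample command lines (not taken from the affected product).
SAMPLES = [
    ["curl", "-u", "monitor:s3cr3t", "http://127.0.0.1:15672/api/overview"],
    ["example-tool", "--password", "hunter2",
     "--uri=amqp://guest:hunter2@broker.example:5672/"],
]

if __name__ == "__main__":
    for argv in SAMPLES:
        print(failed_command_log(argv, 1))
```

Log lines written before the upgrade still hold whatever was captured, so credentials that may have appeared in them should be rotated.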

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2016-0929

Affected Products

Rabbitmq