PT-2018-11061 · Cloud Foundry · Cloud Foundry Container Runtime

Publicado

2018-09-17

Atualizado

2020-03-09

CVE-2018-1223

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cloud Foundry Container Runtime (kubo-release) versions prior to 0.14.0

Description The issue may cause UAA and vCenter credentials to be leaked to application logs. A malicious user who can read these logs could potentially use the leaked credentials to escalate privileges.

Recommendations For versions prior to 0.14.0, update to version 0.14.0 or later to resolve the issue. As a temporary workaround, consider restricting access to application logs to minimize the risk of credential exposure.

Correção

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532

Identificadores relacionados

CVE-2018-1223

Produtos afetados

Cloud Foundry Container Runtime

PT-2018-11061 · Cloud Foundry · Cloud Foundry Container Runtime

CVE-2018-1223

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3