PT-2017-10378 · Cloud Foundry Foundation · Cf-Release+1

Published: 2017-01-13 · Updated: 2021-05-25 · CVE-2016-9882

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cloud Foundry Foundation cf-release versions prior to v250
CAPI-release versions prior to v1.12.0

Description

An issue was discovered where Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog.

Recommendations

For Cloud Foundry Foundation cf-release versions prior to v250, update to version v250 or later to resolve the issue. For CAPI-release versions prior to v1.12.0, update to version v1.12.0 or later to resolve the issue.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2016-9882

Affected Products

Capi-Release
Cf-Release