PT-2017-18083 · Credhub · Credhub-Release

Published: 2017-11-27 · Updated: 2019-10-03 · CVE-2017-8038

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Credhub-release version 1.1.0

Description: The issue allows authenticated applications to bypass access control lists (ACLs) and view any credential within the CredHub installation when using the CredHub interpolate endpoint.

Recommendations: For Credhub-release version 1.1.0, consider restricting access to the CredHub interpolate endpoint until a patch is available.

Fix


Related Identifiers

CVE-2017-8038

Affected Products

Credhub-Release