PT-2019-17014 · IBM · IBM Cloud Private
Published: 2019-08-05 · Updated: 2022-12-09 · CVE-2019-4284
CVSS v3.1: 4.4 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Cloud Private versions 2.1.0, 3.1.0, 3.1.1, 3.1.2
Description
A local privileged user could obtain a sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user.
Recommendations
For IBM Cloud Private version 2.1.0, update to a version that does not print sensitive OIDC tokens to log files.
For IBM Cloud Private versions 3.1.0, 3.1.1, 3.1.2, update to a version that does not print sensitive OIDC tokens to log files.
As a temporary workaround, consider restricting access to log files to minimize the risk of exploitation.
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
IBM Cloud Private