Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2016-5006 Cloud Controller API logs user-provided service credentials

by: July 26, 2016

CVE-2016-5006 Cloud Controller API logs user-provided service credentials

Severity

High

Vendor

Cloud Foundry Foundation

Versions Affected

Cloud Foundry releases prior to v239

Description

When creating a user-provided service (UPS) in Cloud Foundry, the Cloud Controller logs the entire UPS object including the credentials provided by the user.

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that users upgrade to Cloud Foundry v239 [1] or later
  • Rotate all credentials associated with user-provided services for affected deployments. Refer to this document for more information.

References

History

2016-07-26: Initial vulnerability report published

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-3420-2: Linux kernel (Xenial HWE) vulnerabilities
Security Advisory

USN-3420-2: Linux kernel (Xenial HWE) vulnerabilities

by Cloud Foundry Foundation Security Team September 21, 2017
CVE-2015-9251: UAA contains vulnerable jQuery version
Security Advisory

CVE-2015-9251: UAA contains vulnerable jQuery version

by Cloud Foundry Foundation Security Team July 8, 2019
USN-5736-1: ImageMagick vulnerabilities
Security Advisory

USN-5736-1: ImageMagick vulnerabilities

by Cloud Foundry Foundation Security Team February 3, 2023
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept