CVE-2017-8038: Credentials readable from CredHub endpoint
Severity
High
Vendor
Cloud Foundry Foundation
Versions Affected
- Credhub-release version 1.1.0 only
Description
CredHub access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.
Mitigation
Users of affected versions should apply the following mitigation or upgrade:
- Upgrade to credhub-release v1.2.0 [1] or later
Please note: All credential access is logged in the event_audit_record table of the CredHub database and should be reviewed for anomalous events.
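One way to carry out that review, as an added example that is not CredHub project code: reconcile the successful reads the audit trail recorded for the interpolate endpoint against the ACL grants that should have authorised them. The record fields, the endpoint path, the actor naming and the ACL shape are assumptions made for this illustration; the audit rows and grants are constructed sample data.

```python
# Added example (not CredHub project code): find interpolate reads that no
# ACL read grant covers. Field names, the endpoint path, actor identifiers
# and the grant layout are assumptions; all data below is constructed.
from dataclasses import dataclass

INTERPOLATE_PATH = "/api/v1/interpolate"  # assumed endpoint path

@dataclass(frozen=True)
class AuditRecord:
    actor: str             # caller identity, e.g. an app's mTLS identity (assumed)
    credential_name: str   # credential whose value was returned
    request_path: str      # endpoint that served the read
    success: bool          # whether the read was served

# Constructed ACL grants: credential name -> actors allowed to read it.
ACL_GRANTS = {
    "/prod/db/password": {"mtls-app:app-a"},
    "/prod/api/token":   {"mtls-app:app-b"},
    "/shared/ca":        {"mtls-app:app-a", "mtls-app:app-b"},
}

# Constructed audit rows in the spirit of the event_audit_record table.
SAMPLE_RECORDS = [
    AuditRecord("mtls-app:app-a", "/prod/db/password", INTERPOLATE_PATH, True),
    AuditRecord("mtls-app:app-a", "/prod/api/token",   INTERPOLATE_PATH, True),   # no grant
    AuditRecord("mtls-app:app-b", "/shared/ca",        INTERPOLATE_PATH, True),
    AuditRecord("mtls-app:app-b", "/prod/db/password", "/api/v1/data",    False),  # denied, other endpoint
    AuditRecord("mtls-app:app-c", "/prod/db/password", INTERPOLATE_PATH, True),   # actor has no grants
]

def unauthorised_interpolate_reads(records, grants):
    """(actor, credential) pairs for successful interpolate reads that no read
    grant covers: the events to investigate on an affected installation."""
    findings = []
    for r in records:
        if r.request_path != INTERPOLATE_PATH or not r.success:
            continue
        if r.actor not in grants.get(r.credential_name, set()):
            findings.append((r.actor, r.credential_name))
    return findings

def actors_to_investigate(records, grants):
    """Group findings by actor so each affected application is reviewed once."""
    by_actor = {}
    for actor, cred in unauthorised_interpolate_reads(records, grants):
        by_actor.setdefault(actor, []).append(cred)
    return by_actor

if __name__ == "__main__":
    print(actors_to_investigate(SAMPLE_RECORDS, ACL_GRANTS))
```

On a patched installation the same query over real audit rows should return nothing; any remaining hits point at credentials whose values should be considered exposed and rotated.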
Credit
This vulnerability was responsibly reported by the CredHub team.
References
History
2017-07-31: Initial vulnerability report published