Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2018-1223: CFCR leaks credentials to application logs

by: September 14, 2018

CVE-2018-1223: CFCR leaks credentials to application logs

Severity

High

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • kubo-release versions prior to 0.14.0

Description

Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • kubo-release versions 0.14.0

History

2018-09-14: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-5137-1: Linux kernel vulnerabilities
Security Advisory

USN-5137-1: Linux kernel vulnerabilities

by Cloud Foundry Foundation Security Team January 20, 2022
USN-4719-1: ca-certificates update
Security Advisory

USN-4719-1: ca-certificates update

by Cloud Foundry Foundation Security Team February 23, 2021
USN-6005-1: Sudo vulnerabilities
Security Advisory

USN-6005-1: Sudo vulnerabilities

by Cloud Foundry Foundation Security Team April 24, 2023
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept