CVE-2018-1223: CFCR leaks credentials to application logs
Severity
High
Vendor
Cloud Foundry Foundation
Affected Cloud Foundry Products and Versions
- kubo-release versions prior to 0.14.0
Description
Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges.
Mitigation
Users of affected versions should apply the following mitigations or upgrades:
- Releases that have fixed this issue include:
  - kubo-release version 0.14.0
History
2018-09-14: Initial vulnerability report published.