Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2017-14390: CF-deployment 0.35.0 syslog misconfiguration

by: November 14, 2017

CVE-2017-14390: CF-deployment 0.35.0 syslog misconfiguration

Severity

Medium

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • cf-deployment v0.35.0

Description

A misconfiguration with Loggregator and syslog-drain in cf-deployment causes logs to be drained to unintended locations.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • cf-deployment: 0.36.0

Credit

This issue was responsibly reported by VMware.

References

History

2017-11-14: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-5445-1: Subversion vulnerabilities
Security Advisory

USN-5445-1: Subversion vulnerabilities

by Cloud Foundry Foundation Security Team July 28, 2022
USN-3220-2: Linux kernel (Xenial HWE) vulnerability
Security Advisory

USN-3220-2: Linux kernel (Xenial HWE) vulnerability

by Cloud Foundry Foundation Security Team March 9, 2017
CVE-2018-1277: Garden does not correctly enforce Docker image disc quotas
Security Advisory

CVE-2018-1277: Garden does not correctly enforce Docker image disc quotas

by Cloud Foundry Foundation Security Team April 30, 2018
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept