High
Cloud Foundry Foundation
CredHub access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.
Users of affected versions should apply the following mitigation or upgrade:
Please note: All credential access is logged in the event_audit_record table of the CredHub database and should be reviewed for anomalous events.
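As an added illustration of the audit review this advisory recommends (not CredHub's own code, and not its real event_audit_record schema): given an exported set of credential-access events and the ACLs that should govern each credential, flag reads whose actor is not on the credential's ACL, and narrow those to reads served through the interpolate endpoint, which is the pattern the bypass described above would leave behind. The field names, the ACL map and the sample events are constructed for this example; the endpoint paths follow the CredHub API.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AuditEvent:
    # Field names are assumptions for this example, not the real
    # event_audit_record columns; map your export onto them.
    actor: str        # authenticated app or user identity
    operation: str    # e.g. "credential_access"
    credential: str   # credential name that was read
    path: str         # HTTP path that served the request


# Assumed ACL model: credential name -> set of actors allowed to read it.
ACLS = {
    "/prod/db-password": {"mtls-app:app-a"},
    "/prod/api-key": {"mtls-app:app-b"},
}

# Constructed sample events, not real CredHub records.
SAMPLE_EVENTS = [
    AuditEvent("mtls-app:app-a", "credential_access", "/prod/db-password", "/api/v1/interpolate"),
    AuditEvent("mtls-app:app-a", "credential_access", "/prod/api-key", "/api/v1/interpolate"),
    AuditEvent("mtls-app:app-b", "credential_access", "/prod/api-key", "/api/v1/data"),
    AuditEvent("mtls-app:app-c", "credential_access", "/prod/db-password", "/api/v1/interpolate"),
    AuditEvent("mtls-app:app-c", "credential_access", "/prod/api-key", "/api/v1/data"),
]


def unauthorized_reads(events, acls):
    """Return (actor, credential, path) for each read whose actor is not on the credential's ACL."""
    findings = []
    for e in events:
        if e.operation != "credential_access":
            continue
        if e.actor not in acls.get(e.credential, set()):
            findings.append((e.actor, e.credential, e.path))
    return findings


def interpolate_bypass_candidates(events, acls):
    """Narrow the findings to reads served by the interpolate endpoint."""
    return [f for f in unauthorized_reads(events, acls) if f[2].endswith("/interpolate")]


if __name__ == "__main__":
    for actor, cred, path in interpolate_bypass_candidates(SAMPLE_EVENTS, ACLS):
        print(f"review: {actor} read {cred} via {path}")
```

Reads flagged by the broader check but served by /api/v1/data point at ACL problems unrelated to this bypass and deserve their own review.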
This vulnerability was responsibly reported by the CredHub team.
2017-07-31: Initial vulnerability report published