CVE-2017-8038: Credentials readable from CredHub endpoint | Cloud Foundry

Published: 2017-07-31
Source: Cloud Foundry, www.cloudfoundry.org

EPSS: 0.001 (Low), percentile 37.0%

Severity

High

Vendor

Cloud Foundry Foundation

Versions Affected

  • Credhub-release version 1.1.0 only

Description

CredHub access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.
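The ACL gap described above, modelled as an added example (this is not CredHub's code): a toy interpolate endpoint that walks a VCAP_SERVICES-style document and replaces each `{"credhub-ref": "/path"}` with the stored value. The credential store, the ACL layout, the actor names and the function names are assumptions for illustration; the vulnerable variant resolves every reference without an ACL check, the fixed variant checks read permission per credential before resolving it.

```python
# Constructed sample data (not real CredHub data): credential values and
# per-credential ACLs, mapping actor -> set of permitted operations.
CREDENTIALS = {
    "/app-a/db-password": "s3cret-a",
    "/app-b/api-key": "s3cret-b",
}
ACLS = {
    "/app-a/db-password": {"mtls-app:app-a": {"read"}},
    "/app-b/api-key": {"mtls-app:app-b": {"read"}},
}


class PermissionDenied(Exception):
    pass


def is_permitted(actor, path, op):
    """ACL lookup: does `actor` hold operation `op` on credential `path`?"""
    return op in ACLS.get(path, {}).get(actor, set())


def _walk(node, resolve):
    """Recursively replace {"credhub-ref": path} nodes using `resolve`."""
    if isinstance(node, dict):
        if set(node) == {"credhub-ref"}:
            return resolve(node["credhub-ref"])
        return {k: _walk(v, resolve) for k, v in node.items()}
    if isinstance(node, list):
        return [_walk(v, resolve) for v in node]
    return node


def interpolate_vulnerable(actor, doc):
    """Resolves every reference with no ACL check: any authenticated caller
    can read any credential it names (the advisory's failure mode)."""
    return _walk(doc, lambda path: CREDENTIALS[path])


def interpolate_fixed(actor, doc):
    """Resolves a reference only after the caller's read permission on that
    specific credential has been verified; otherwise the request fails."""
    def resolve(path):
        if not is_permitted(actor, path, "read"):
            raise PermissionDenied(f"{actor} may not read {path}")
        return CREDENTIALS[path]
    return _walk(doc, resolve)


# Constructed document submitted by app-a that also names app-b's credential.
SAMPLE_DOC = {
    "db": [{"name": "db", "credentials": {"credhub-ref": "/app-a/db-password"}}],
    "other": [{"name": "x", "credentials": {"credhub-ref": "/app-b/api-key"}}],
}
```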

Mitigation

Users of affected versions should apply the following mitigation or upgrade:

  • Upgrade to credhub-release v1.2.0 [1] or later

Please note: All credential access is logged in the event_audit_record table of the CredHub database and should be reviewed for anomalous events.

Credit

This vulnerability was responsibly reported by the CredHub team.

References

History

2017-07-31: Initial vulnerability report published
