Unrated severityNVD Advisory· Published Dec 5, 2018· Updated Sep 16, 2024
NFS Volume release errand leaks cf admin credentials in logs
CVE-2018-15797
Description
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >=1.2.0, <1.2.5 || >=1.5.0, <1.5.4 || >=1.7.0, <1.7.3
- Cloud Foundry/NFS Volume Releasev5Range: 1.2
Patches
Vulnerability mechanics
References
1- www.cloudfoundry.org/blog/cve-2018-15797mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.