CVE-2016-9882

Published: Jan 13, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog.

Affected (2)

Products: Cloudfoundry: Capi Release, Cf Release

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cloudfoundry Capi Release	Up to 1.11.0
Cloudfoundry Cf Release	Up to 249

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

http://www.securityfocus.com/bid/95441

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

https://www.cloudfoundry.org/cve-2016-9882/

Source: security_alert@emc.com

MitigationPatchVendor Advisory

http://www.securityfocus.com/bid/95441

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.cloudfoundry.org/cve-2016-9882/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

Timeline

No history available yet.