CVE-2018-1191

Published: Mar 29, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.

Affected (2)

Products: Cloudfoundry: Cf Deployment, Garden Runc Release

Cloudfoundry

2 products

Cf Deployment

Garden Runc Release

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cloudfoundry Cf Deployment	Before 1.9.0
Cloudfoundry Garden Runc Release	Before 1.11.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-215

Insertion of Sensitive Information Into Debugging Code

The product inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.

References (2)

https://www.cloudfoundry.org/blog/cve-2018-1191/

Source: security_alert@emc.com

Vendor Advisory

https://www.cloudfoundry.org/blog/cve-2018-1191/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.