CVE-2021-22115

Published: Apr 8, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller.

Affected (2)

Products: Cloudfoundry: Capi Release, Cf Deployment

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cloudfoundry Capi Release	Before 1.106.0
Cloudfoundry Cf Deployment	Before 16.2.0

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.cloudfoundry.org/blog/cve-2021-22115-capi-logs-service-broker-credentials/

Source: security@vmware.com

Vendor Advisory

https://www.cloudfoundry.org/blog/cve-2021-22115-capi-logs-service-broker-credentials/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.