CVE-2023-20885

Published: Jun 16, 2023Modified: Dec 16, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19.

Affected (4)

Products: Pivotal: Cloud Foundry Nfs Volume, Cloud Foundry Notifications, Cloud Foundry Smb Volume

Pivotal

3 products

Cloud Foundry Nfs Volume

Cloud Foundry Notifications

Cloud Foundry Smb Volume

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Pivotal Cloud Foundry Nfs Volume	From 5.0.0 to 5.0.27
Pivotal Cloud Foundry Nfs Volume	From 7.1.0 to 7.1.19
Pivotal Cloud Foundry Notifications	Before 63
Pivotal Cloud Foundry Smb Volume	Before 3.1.19

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://www.cloudfoundry.org/blog/cve-2023-20885-cf-workflows-leak-credentials-in-system-audit-logs/

Source: security@vmware.com

Vendor Advisory

https://www.cloudfoundry.org/blog/cve-2023-20885-cf-workflows-leak-credentials-in-system-audit-logs/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.