
CVE-2017-8038: Credentials readable from CredHub endpoint | Cloud Foundry

2017-07-31 00:00:00
Cloud Foundry
www.cloudfoundry.org

CVSS2: 4

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3: 8.8

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001

Percentile: 37.0%

Severity

High

Vendor

Cloud Foundry Foundation

Versions Affected

  • Credhub-release version 1.1.0 only

Description

CredHub access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.

Mitigation

Users of affected versions should apply the following mitigation or upgrade:

  • Upgrade to credhub-release v1.2.0 [1] or later

Please note: All credential access is logged in the event_audit_record table of the CredHub database and should be reviewed for anomalous events.
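One way to carry out the audit review described in the note above, as an added example that is not part of the original advisory or CredHub's own code: it flags successful credential reads by actors that an ACL snapshot does not permit, then groups them per actor. The column names, the `credential_access` operation label, the actor strings, the ACL snapshot and every row are constructed assumptions; map them to the actual event_audit_record columns in your database.

```python
from collections import defaultdict

# Assumed column names (not the documented event_audit_record schema).
COLS = ("now", "actor", "operation", "credential_name", "success")
READ_OP = "credential_access"  # assumed label for a credential read

# Constructed audit rows, deliberately not in time order.
AUDIT_ROWS = [dict(zip(COLS, r)) for r in [
    ("2017-07-20T10:00:01Z", "mtls-app:app-a", READ_OP, "/app-a/db", True),
    ("2017-07-20T10:05:00Z", "mtls-app:app-b", READ_OP, "/app-a/db", True),
    ("2017-07-20T10:05:02Z", "mtls-app:app-b", READ_OP, "/ops/root-ca", True),
    ("2017-07-20T10:06:00Z", "mtls-app:app-b", READ_OP, "/app-b/db", True),
    ("2017-07-20T10:07:00Z", "mtls-app:app-a", READ_OP, "/app-b/db", False),
    ("2017-07-20T10:08:00Z", "mtls-app:app-a", "credential_update", "/app-a/db", True),
    ("2017-07-20T10:04:00Z", "mtls-app:app-b", READ_OP, "/app-a/db", True),
]]

# Constructed ACL snapshot: credential name -> actors granted read.
READ_ACL = {
    "/app-a/db": {"mtls-app:app-a"},
    "/app-b/db": {"mtls-app:app-b"},
}

def unauthorized_reads(rows, read_acl, read_op=READ_OP):
    """Successful reads by actors the ACL snapshot does not permit."""
    findings = []
    for row in rows:
        if row["operation"] != read_op or not row["success"]:
            continue  # only successful reads disclose a credential
        # A credential missing from the snapshot has no permitted readers.
        if row["actor"] not in read_acl.get(row["credential_name"], set()):
            findings.append(row)
    return findings

def summarize_by_actor(findings):
    """Per actor: distinct credentials read and earliest timestamp."""
    creds, first_seen = defaultdict(set), {}
    for row in findings:
        creds[row["actor"]].add(row["credential_name"])
        # ISO-8601 UTC strings of equal format sort chronologically.
        first_seen[row["actor"]] = min(row["now"], first_seen.get(row["actor"], row["now"]))
    return {a: {"credentials": sorted(creds[a]), "first_seen": first_seen[a]} for a in creds}

if __name__ == "__main__":
    for actor, info in summarize_by_actor(unauthorized_reads(AUDIT_ROWS, READ_ACL)).items():
        print(actor, info["first_seen"], info["credentials"])
```

Credentials listed for a flagged actor are the ones to treat as exposed and rotate after upgrading.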

Credit

This vulnerability was responsibly reported by the CredHub team.

References

History

2017-07-31: Initial vulnerability report published
