CVE-2016-9882: Cloud Foundry Logs Service Credentials
Medium
Cloud Foundry Foundation
Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog.
OSS users are strongly encouraged to follow one of the mitigations below:
syslog using a secure connection.
2017-01-09: Initial vulnerability report published
2017-01-10: Added mitigation suggestion for rotating credentials