Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:FAC61B3A87F447680F1D7A08D3D6078F
HistoryJun 15, 2023 - 12:00 a.m.

CVE-2023-20885: CF workflows leak credentials in system audit logs | Cloud Foundry

2023-06-1500:00:00
Cloud Foundry
www.cloudfoundry.org
12
cloud foundry
credentials leak
audit logging
vulnerability
nfs
notifications
smb volume

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

34.8%

JSON

Severity

Medium

Vendor

Cloud Foundry Foundation

Description

Cloud foundry team found that the kernel audit logging is enabled on some components due to which various lifecycle workflows in the platform that use admin or service credentials in invocations of binaries are picked up by the audit logging, which record arguments passed to binary invocations that access the filesystem. A malicious user may use these credentials to deploy apps on CF instance.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • CF NFS volume release
    • 5.0.x versions prior to 5.0.27
    • 7.1.x versions prior to 7.1.19
  • Notifications
    • All versions prior to 63
  • SMB Volume
    • All versions prior to 3.1.19

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • CF NFS volume release
    • Upgrade 5.0.x versions to 5.0.27 or greater
    • Upgrade 7.1.x versions to 7.1.19 or greater
  • Notifications
    • Upgrade all versions to 63 or greater
  • SMB Volume
    • Upgrade all versions to 3.1.19 or greater

History

2023-06-15: Initial vulnerability report published.

Affected configurations

Vulners
Node
cloudfoundrynfs_volume_releaseRange<5.0.27
OR
cloudfoundrynfs_volume_releaseRange<7.1.19
OR
cloudfoundrynotificationsRange<63
OR
cloudfoundrynfs_volume_releaseRange<3.1.19
VendorProductVersionCPE
cloudfoundrynfs_volume_release*cpe:2.3:a:cloudfoundry:nfs_volume_release:*:*:*:*:*:*:*:*
cloudfoundrynotifications*cpe:2.3:a:cloudfoundry:notifications:*:*:*:*:*:*:*:*

Related

prion 1
cvelist 1
nvd 1
veracode 1
cve 1
prion
prion
Design/Logic Flaw
2023-06-16 13:15:00
cvelist
cvelist
CVE-2023-20885 CF workflows leak credentials in system audit logs
2023-06-16 12:18:35
nvd
nvd
CVE-2023-20885
2023-06-16 13:15:09
veracode
veracode
Password Disclosure
2023-06-27 05:38:35
cve
cve
CVE-2023-20885
2023-06-16 13:15:09

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

34.8%

JSON
Related for CFOUNDRY:FAC61B3A87F447680F1D7A08D3D6078F
prion1cvelist1nvd1veracode1cve1