In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.
[
{
"product": "Credhub Credhub-release version 1.1.0 only",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Credhub Credhub-release version 1.1.0 only"
}
]
}
]