Lucene search
GoogleOSV:CVE-2016-6658HistoryMar 29, 2018 - 10:29 p.m.
CVE-2016-6658
2018-03-2922:29:00
Google
osv.dev
3
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cf-release | eq | 91 | |
| cf-release | eq | 4.28.0 | |
| cf-release | eq | 121 | |
| cf-release | eq | 75.9.0 | |
| cf-release | eq | 4.16.0 | |
| cf-release | eq | 3.9.4 | |
| cf-release | eq | 4.7.3 | |
| cf-release | eq | 235 | |
| cf-release | eq | 76.12.0 | |
| cf-release | eq | 2.7.0.2 |
References
Related
cve
cve
CVE-2016-6658
2018-03-29 22:29:00
cvelist
cvelist
CVE-2016-6658
2018-03-29 22:00:00
prion
prion
Design/Logic Flaw
2018-03-29 22:29:00
nvd
nvd
CVE-2016-6658
2018-03-29 22:29:00
cloudfoundry
cloudfoundry