Lucene search

K

Log-cache-release Security Vulnerabilities

cve
cve

CVE-2019-3800

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

7.8CVSS

7.3AI Score

0.002EPSS

2019-08-05 05:15 PM
50
cve
cve

CVE-2018-1264

Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is...

9.8CVSS

9.4AI Score

0.006EPSS

2018-10-05 09:29 PM
26