Pivotal Cloud Foundry Credhub-release authentication bypass vulnerability

Pivotal Cloud Foundry CF is a suite of open source Platform-as-a-Service PaaS cloud computing platforms from Pivotal Software, Inc. that provides container scheduling, continuous delivery, and automated service deployment.Credhub-release is one of the centralized credential management components....

Design/Logic Flaw

In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists ACLs enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view...

CVE-2017-8038

In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists ACLs enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view...

CVE-2017-8038

In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists ACLs enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view...

CVE-2017-8038

CVE-2017-8038 affects Cloud Foundry CredHub-release before 1.2.0 (specifically 1.1.0). The ACL-based access control could be bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation. Impact is credential disclosure t...