2 matches found
CVE-2017-8038
CVE-2017-8038 affects Cloud Foundry CredHub-release before 1.2.0 (specifically 1.1.0). The ACL-based access control could be bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation. Impact is credential disclosure t...
CVE-2017-8038: Credentials readable from CredHub endpoint | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Versions Affected Credhub-release version 1.1.0 only Description CredHub access control lists ACLs enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub...