Description
Pivotal Ops Manager is prone to local information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
Technologies Affected
- Pivotal Cloud Foundry Ops Manager 2.3
- Pivotal Cloud Foundry Ops Manager 2.3.0
- Pivotal Cloud Foundry Ops Manager 2.3.1
- Pivotal Cloud Foundry Ops Manager 2.3.10
- Pivotal Cloud Foundry Ops Manager 2.3.11
- Pivotal Cloud Foundry Ops Manager 2.3.12
- Pivotal Cloud Foundry Ops Manager 2.3.14
- Pivotal Cloud Foundry Ops Manager 2.3.15
- Pivotal Cloud Foundry Ops Manager 2.3.16
- Pivotal Cloud Foundry Ops Manager 2.3.2
- Pivotal Cloud Foundry Ops Manager 2.3.3
- Pivotal Cloud Foundry Ops Manager 2.3.4
- Pivotal Cloud Foundry Ops Manager 2.3.5
- Pivotal Cloud Foundry Ops Manager 2.3.6
- Pivotal Cloud Foundry Ops Manager 2.3.7
- Pivotal Cloud Foundry Ops Manager 2.3.8
- Pivotal Cloud Foundry Ops Manager 2.3.9
- Pivotal Cloud Foundry Ops Manager 2.4
- Pivotal Cloud Foundry Ops Manager 2.4.0
- Pivotal Cloud Foundry Ops Manager 2.4.1
- Pivotal Cloud Foundry Ops Manager 2.4.10
- Pivotal Cloud Foundry Ops Manager 2.4.11
- Pivotal Cloud Foundry Ops Manager 2.4.12
- Pivotal Cloud Foundry Ops Manager 2.4.2
- Pivotal Cloud Foundry Ops Manager 2.4.3
- Pivotal Cloud Foundry Ops Manager 2.4.4
- Pivotal Cloud Foundry Ops Manager 2.4.5
- Pivotal Cloud Foundry Ops Manager 2.4.6
- Pivotal Cloud Foundry Ops Manager 2.4.7
- Pivotal Cloud Foundry Ops Manager 2.4.8
- Pivotal Cloud Foundry Ops Manager 2.4.9
- Pivotal Cloud Foundry Ops Manager 2.5.0
- Pivotal Cloud Foundry Ops Manager 2.5.1
- Pivotal Cloud Foundry Ops Manager 2.5.2
- Pivotal Cloud Foundry Ops Manager 2.5.3
Recommendations
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Given the local nature of this issue, grant only trusted and accountable individuals access to affected computers.
Updates are available. Please see the references or vendor advisory for more information.