CVE-2016-9882

Summary

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog.

Affected Software

VendorProductVersion RangeStatus
n/aCloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0affected

Weaknesses

  • Logs Service Credentials

ADP Enrichment

CVE Program Container

Additional References

References