CVE-2017-8038

Summary

In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.

Affected Software

VendorProductVersion RangeStatus
n/aCredhub Credhub-release version 1.1.0 onlyCredhub Credhub-release version 1.1.0 onlyaffected

Weaknesses

  • Credentials readable

ADP Enrichment

CVE Program Container

Additional References

References