CVE-2017-8038
N/A
N/A
Summary
In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Credhub Credhub-release version 1.1.0 only | Credhub Credhub-release version 1.1.0 only | affected |
Weaknesses
- Credentials readable
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.