CVE-2021-22115

Summary

Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller.

Affected Software

VendorProductVersion RangeStatus
n/aCloud Control APICAPI versions prior to 1.106.0affected

Weaknesses

  • Clear text logging of credentials

ADP Enrichment

CVE Program Container

Additional References

References