CVE-2018-15797

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-15797

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-15797.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-15797

Published

2018-12-05T18:29:00.300Z

Modified

2026-02-11T14:05:07.578038Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.

References

https://www.cloudfoundry.org/blog/cve-2018-15797

Affected packages

Git / github.com/cloudfoundry/nfs-volume-release

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/nfs-volume-release
Events: Introduced

2aa2c12a49ec75cc3c1a9196a375e1a8e6fa5770

Fixed

faee8f182bc1b0a3143edc8c4ab9ee3d2aaf1f17

Introduced

d266b5eb1522eaf0906429536b5a56a23234be5a

Fixed

b3bce9f1324a50878500252c6718af9bbd366dce

Introduced

d5a33004d61b7ff3daa9fab00d1501af9af6d015

Fixed

7d829dfec4fa5ce982d1f7645a4f6b727934b184

Affected versions

v1.*

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.7.0

v1.7.1

v1.7.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-15797.json"