CVE-2018-15797

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-15797

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-15797.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-15797

Published

2018-12-05T18:29:00Z

Modified

2025-01-08T05:00:23.646643Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.

References

https://www.cloudfoundry.org/blog/cve-2018-15797

Affected packages

Git / github.com/cloudfoundry/nfs-volume-release

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/nfs-volume-release
Events: Introduced

d5a33004d61b7ff3daa9fab00d1501af9af6d015

Fixed

7d829dfec4fa5ce982d1f7645a4f6b727934b184

Affected versions

v1.*

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4