CVE-2018-1264
CRITICAL
Pivotal Software Cloud Foundry Log Cache - Log Information Exposure
Title source: rule
Description
Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2018-1264/
Scores
CVSS v3
9.1
EPSS
0.0061
EPSS Percentile
69.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-532
Status
published
Products (1)
pivotal_software/cloud_foundry_log_cache
< 1.1.1
Published
Oct 05, 2018
Tracked Since
Feb 18, 2026