CVE-2018-15797
HIGH
Pivotal Software Cloud Foundry NFS Volume - Log Information Exposure
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2018-15797
Scores
CVSS v3
8.4
EPSS
0.0034
EPSS Percentile
56.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-532
Status
published
Products (1)
pivotal_software/cloud_foundry_nfs_volume
1.2.0 - 1.2.5
Published
Dec 05, 2018
Tracked Since
Feb 18, 2026