CVE-2018-15797

HIGH

Cloud Foundry NFS Volume 1.2.0-1.2.4, 1.5.0-1.5.3, 1.7.0-1.7.2 - Authenticated Credential Exposure via NFS Broker Logs

Title source: llm

Description

Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2018-15797

Scores

CVSS v3 8.4
EPSS 0.0158
EPSS Percentile 72.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-532
Status published
Products (1)
pivotal_software/cloud_foundry_nfs_volume 1.2.0 - 1.2.5
Published Dec 05, 2018
Tracked Since Feb 18, 2026