CVE-2021-22115

MEDIUM

Cloudfoundry Capi-release - Insufficiently Protected Credentials

Title source: rule

Description

Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller.

References (1)

[Vendor Advisory] https://www.cloudfoundry.org/blog/cve-2021-22115-capi-logs-service-broker-credentials/

Scores

CVSS v3 6.5

EPSS 0.0022

EPSS Percentile 43.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

cloudfoundry/capi-release < 1.106.0

cloudfoundry/cf-deployment < 16.2.0

Timeline

Published Apr 08, 2021

Tracked Since Feb 18, 2026