CVE-2016-5006 — Sensitive Information Exposure in Software Cloud Foundry

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.3%

top 44.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pivotal Software Cloud Foundry Pivotal Software Cloud Foundry Elastic Runtime

Timeline

PublishedMay 2

Latest updateMay 17

Description

The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDpivotal_software/cloud_foundry238.0

▶NVDpivotal_software/cloud_foundry_elastic_runtime1.6.32+11

🔴Vulnerability Details

GHSA

GHSA-6q7m-3j88-7g48: The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user crede↗2022-05-17

▶

CVEList

CVE-2016-5006: The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user crede↗2017-05-02

▶