CVE-2017-4955 — Log File Information Exposure in Software Cloud Foundry Elastic Runtime

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 38.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pivotal Software Cloud Foundry Elastic Runtime

Timeline

PublishedJun 13

Latest updateMay 13

Description

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDpivotal_software/cloud_foundry_elastic_runtime143 versions+142

🔴Vulnerability Details

GHSA

GHSA-2hg9-7ghw-wrh4: An issue was discovered in Pivotal PCF Elastic Runtime 1↗2022-05-13

▶

CVEList

CVE-2017-4955: An issue was discovered in Pivotal PCF Elastic Runtime 1↗2017-06-13

▶