CVE-2018-0042 — Log File Information Exposure in Juniper Contrail Service Orchestration

CWE-532 — Log File Information Exposure5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.3%

top 45.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Contrail Service Orchestration

Timeline

PublishedJul 11

Latest updateMay 13

Description

Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDjuniper/contrail_service_orchestration< 4.0.0

🔴Vulnerability Details

GHSA

GHSA-r658-8hfr-mhc6: Juniper Networks CSO versions prior to 4↗2022-05-13

▶

CVEList

CVE-2018-0042: Juniper Networks CSO versions prior to 4↗2018-07-11

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Edge Chakra JIT - Parameter Scope Parsing Type Confusion↗2018-08-17

▶

📋Vendor Advisories

Juniper

CVE-2018-0042: Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability.↗2018-07-11

▶