CVE-2018-1191 — Insertion of Sensitive Information Into Debugging Code in Garden-runc-release

CWE-215 — Insertion of Sensitive Information Into Debugging Code CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 42.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Cf-deployment Cloudfoundry Garden-runc-release Cloud Foundry Garden-runc

Timeline

PublishedMar 29

Latest updateMay 13

Description

Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDcloudfoundry/garden-runc-release< 1.11.0

▶CVEListV5cloud_foundry/garden-runcVersions prior to 1.11.0

▶NVDcloudfoundry/cf-deployment< 1.9.0

🔴Vulnerability Details

GHSA

GHSA-gmr3-mrrf-r3v7: Cloud Foundry Garden-runC, versions prior to 1↗2022-05-13

▶

CVEList

CVE-2018-1191: Cloud Foundry Garden-runC, versions prior to 1↗2018-03-29

▶

💬Community

Bugzilla

CVE-2018-14436 ImageMagick: memory leak in ReadMIFFImage in coders/miff.c↗2018-07-30

▶