CVE-2016-6658

EUVD-2016-7561

29.03.2018, 22:29

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.6 CRITICAL	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 52%

Affected Products (NVD)

Vendor	Product	Version
cloudfoundry	cf-release	𝑥 < 245
pivotal_software	cloud_foundry_elastic_runtime	𝑥 < 1.6.49
pivotal_software	cloud_foundry_elastic_runtime	1.7.0 ≤ 𝑥 < 1.7.31
pivotal_software	cloud_foundry_elastic_runtime	1.8.0 ≤ 𝑥 < 1.8.11

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

https://pivotal.io/security/cve-2016-6658