CVE-2018-1191
29.03.2018, 20:29
Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.Enginsight
| Vendor | Product | Version |
|---|---|---|
| cloudfoundry | cf-deployment | 𝑥 < 1.9.0 |
| cloudfoundry | garden-runc-release | 𝑥 < 1.11.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-215 - Insertion of Sensitive Information Into Debugging CodeThe application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.