CVE-2018-15797 — HIGH (8.4)

Q: How severe is CVE-2018-15797?

CVE-2018-15797 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-15797?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Cloud Foundry Nfs Volume.

Vulnerability Description

Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.

CVSS Score

8.4

HIGH

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pivotal Software	Cloud Foundry Nfs Volume	>= 1.2.0, < 1.2.5

Related Weaknesses (CWE)

CWE-532

References

https://www.cloudfoundry.org/blog/cve-2018-15797Vendor Advisory
https://www.cloudfoundry.org/blog/cve-2018-15797Vendor Advisory

FAQ

What is CVE-2018-15797?

CVE-2018-15797 is a vulnerability with a CVSS score of 8.4 (HIGH). Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote ...

How severe is CVE-2018-15797?

CVE-2018-15797 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-15797?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Cloud Foundry Nfs Volume.