CVE-2017-4955 Credentials in Elastic Runtime Notifications errand log


Severity

Medium

Vendor

Pivotal

Description

Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • PCF Elastic Runtime versions:
    • 1.6.x versions prior to 1.6.65
    • 1.7.x versions prior to 1.7.48
    • 1.8.x versions prior to 1.8.28
    • 1.9.x versions prior to 1.9.5
  • Note: PCF Elastic Runtime 1.10.x versions are not vulnerable to this issue.

Mitigation

Users of affected versions should apply the following mitigation:

  • Upgrade PCF Elastic Runtime:
    • 1.6.x versions to 1.6.65 or later
    • 1.7.x versions to 1.7.48 or later
    • 1.8.x versions to 1.8.28 or later
    • 1.9.x versions to 1.9.5 or later
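
One way to triage an inventory of Elastic Runtime versions against the lists above, as an added example that is not Pivotal's code. It assumes versions are reported as dotted numbers with an optional suffix, and the foundation names in the sample are hypothetical.

```python
import re

# Minimum fixed patch level per affected branch, from the advisory's list.
FIXED_PATCH = {(1, 6): 65, (1, 7): 48, (1, 8): 28, (1, 9): 5}
# Branches the advisory explicitly states are not vulnerable.
NOT_VULNERABLE = {(1, 10)}


def parse_version(text):
    """Parse 'X.Y.Z' into a tuple of ints.

    Assumption: a trailing suffix such as '-build.3' may follow and is ignored.
    """
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(version):
    """Return (status, minimum_fixed_version or None) for one version string."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in NOT_VULNERABLE:
        return "not_vulnerable", None
    if branch not in FIXED_PATCH:
        # The advisory says nothing about this branch, so report it as such.
        return "unlisted", None
    target = f"{major}.{minor}.{FIXED_PATCH[branch]}"
    # Integer comparison matters: as strings, "1.6.7" sorts after "1.6.65"
    # and "1.10.0" sorts before "1.9.5".
    return ("affected" if patch < FIXED_PATCH[branch] else "fixed"), target


def triage(inventory):
    """Group a {foundation_name: version} inventory by assessment status."""
    groups = {"affected": [], "fixed": [], "not_vulnerable": [], "unlisted": []}
    for name, version in sorted(inventory.items()):
        status, target = assess(version)
        groups[status].append((name, version, target))
    return groups


if __name__ == "__main__":
    # Constructed inventory; foundation names and versions are hypothetical.
    sample = {"prod": "1.6.7", "stage": "1.7.48", "dev": "1.9.4-build.2",
              "lab": "1.10.2", "legacy": "1.5.30"}
    for status, rows in triage(sample).items():
        print(status, rows)
```

Branches the advisory does not mention are returned as `unlisted` rather than assumed safe or affected.
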

Credit

This issue was responsibly reported by a Pivotal team member.

History

2017-03-24: Initial vulnerability report published