All Vulnerability Reports

CVE-2018-1198: PCC bosh deployment logs print a superuser password in plain text


Severity

High

Vendor

Pivotal

Description

Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password.

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Cloud Cache versions prior to 1.3.1
Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Cloud Cache: 1.3.1
Credit

This vulnerability was responsibly reported by Pivotal.

History

2018-09-13: Initial vulnerability report published