Описание
Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 270.0.0 (включая) до 270.1.1 (исключая)
cpe:2.3:a:cloud_foundry:bosh:*:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
6 Medium
CVSS3
7.8 High
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-532
CWE-522
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
Cloud Foundry BOSH 267.x versions prior to v267.14.0, and BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.
EPSS
Процентиль: 13%
0.00044
Низкий
6 Medium
CVSS3
7.8 High
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-532
CWE-522