CVE-2018-15763: PKS leaks IaaS credentials to application logs
Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.
Severity is high unless otherwise noted.
- Pivotal Container Service (PKS) versions prior to 1.2.0
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
- Pivotal Container Service (PKS) : 1.2.0
This vulnerability was responsibly reported by Pivotal.
2018-10-02: Initial vulnerability report published