CVE-2017-4955 Credentials in Elastic Runtime Notifications errand log
Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- PCF Elastic Runtime versions:
- 1.6.x versions prior to 1.6.65
- 1.7.x versions prior to 1.7.48
- 1.8.x versions prior to 1.8.28
- 1.9.x versions prior to 1.9.5
- Note: PCF Elastic Runtime 1.10.x versions are not vulnerable to this issue.
Users of affected versions should apply the following mitigation:
- Upgrade PCF Elastic Runtime:
- 1.6.x versions to 1.6.65 or later
- 1.7.x versions to 1.7.48 or later
- 1.8.x versions to 1.8.28 or later
- 1.9.x versions to 1.9.5 or later
This issue was responsibly reported by a Pivotal team member.
2017-03-24: Initial vulnerability report published