CVE-2017-4955 Credentials in Elastic Runtime Notifications errand log


Severity

Medium

Vendor

Pivotal

Description

Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

  • PCF Elastic Runtime versions:
    • 1.6.x versions prior to 1.6.65
    • 1.7.x versions prior to 1.7.48
    • 1.8.x versions prior to 1.8.28
    • 1.9.x versions prior to 1.9.5
  • Note: PCF Elastic Runtime 1.10.x versions are not vulnerable to this issue.

Mitigation

Users of affected versions should apply the following mitigation:

  • Upgrade PCF Elastic Runtime:
    • 1.6.x versions to 1.6.65 or later
    • 1.7.x versions to 1.7.48 or later
    • 1.8.x versions to 1.8.28 or later
    • 1.9.x versions to 1.9.5 or later
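
The version ranges above can be checked against a deployment inventory. The following is an added example, not part of the original advisory or any Pivotal tooling. The foundation names, the sample versions and the tolerated "-build.N" suffix are constructed assumptions.

```python
import re

# First fixed patch release per affected branch, as listed in the advisory.
FIXED = {(1, 6): 65, (1, 7): 48, (1, 8): 28, (1, 9): 5}
# Branches the advisory explicitly states are not vulnerable.
NOT_VULNERABLE = {(1, 10)}

# major.minor.patch with an optional suffix such as "-build.3" (assumed format).
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")

def classify(version):
    """Return (status, minimum_fixed_version_or_None) for one version string."""
    m = _VERSION.match(version.strip())
    if not m:
        return ("unparsed", None)
    major, minor, patch = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch in NOT_VULNERABLE:
        return ("not_vulnerable", None)
    if branch not in FIXED:
        # The advisory says nothing about this branch, so do not guess.
        return ("not_listed", None)
    if patch < FIXED[branch]:
        return ("affected", f"{major}.{minor}.{FIXED[branch]}")
    return ("fixed", None)

def triage(inventory):
    """Map each foundation name to (version, status, upgrade target)."""
    return {name: (ver, *classify(ver)) for name, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory: hypothetical foundation -> tile version.
    sample = {
        "prod-east": "1.8.27",
        "prod-west": "1.8.28",
        "staging": "1.9.4-build.2",
        "sandbox": "1.10.3",
        "legacy": "1.5.20",
    }
    for name, (ver, status, target) in triage(sample).items():
        note = f" -> upgrade to {target} or later" if target else ""
        print(f"{name:10} {ver:16} {status}{note}")
```

Branches the advisory does not mention are reported as "not_listed" rather than assumed safe or affected.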

Credit

This issue was responsibly reported by a Pivotal team member.

History

2017-03-24: Initial vulnerability report published