Log Configuration Vulnerability in Cloud Foundry's Loggregator Component
CVE-2017-14390

7.5HIGH

Key Information:

Vendor
CVE Published:
27 November 2017

What is CVE-2017-14390?

In the Cloud Foundry cf-deployment version 0.35.0, a misconfiguration in the integration of Loggregator and syslog-drain leads to logs being redirected to unintended locations. This issue can potentially expose sensitive log data and affect the overall logging integrity within applications deployed on Cloud Foundry. Proper logging configuration is essential for maintaining security and operational posture.

Affected Version(s)

cf-deployment cf-deployment v0.35.0 cf-deployment cf-deployment v0.35.0

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.