Information Exposure in Cloud Foundry Garden-runC Affects User Credentials
CVE-2018-1191

8.8HIGH

Key Information:

Vendor: Cloud Foundry
Status: Garden-runc
Vendor: CVE Published:; 29 March 2018

🔔 Create Cloud Foundry Vulnerability Alert

What is CVE-2018-1191?

Cloud Foundry Garden-runC, in versions prior to 1.11.0, is susceptible to an information exposure vulnerability. This issue allows users with access to Garden logs to potentially retrieve sensitive credentials, enabling them to carry out authenticated actions. Such leakage can lead to unauthorized access and manipulation of system resources, highlighting the importance of proper log management and access controls.

Affected Version(s)

Garden-runC Versions prior to 1.11.0

References

https://www.cloudfoundry.org/blog/cve-2018-1191/

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 29, 2018
Vulnerability Reserved
Dec 6, 2017

CVE-2018-1191 Data

JSON