Superuser Password Exposure in Pivotal Cloud Cache by Pivotal
CVE-2018-1198

8.8HIGH

Key Information:

Vendor

Pivotal

Vendor
CVE Published:
17 September 2018

What is CVE-2018-1198?

A vulnerability in Pivotal Cloud Cache versions prior to 1.3.1 allows a superuser password to be printed in plain text during BOSH deployment logs. This can lead to potential privilege escalation if an unauthorized user gains access to these logs, thus compromising the security of the system.

Affected Version(s)

Cloud Cache < 1.31

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.