CVE-2017-4955 Credentials in Elastic Runtime Notifications errand log
Severity
Medium
Vendor
Pivotal
Description
Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- PCF Elastic Runtime versions:
  - 1.6.x versions prior to 1.6.65
  - 1.7.x versions prior to 1.7.48
  - 1.8.x versions prior to 1.8.28
  - 1.9.x versions prior to 1.9.5
- Note: PCF Elastic Runtime 1.10.x versions are not vulnerable to this issue.
Mitigation
Users of affected versions should apply the following mitigation:
- Upgrade PCF Elastic Runtime:
  - 1.6.x versions to 1.6.65 or later
  - 1.7.x versions to 1.7.48 or later
  - 1.8.x versions to 1.8.28 or later
  - 1.9.x versions to 1.9.5 or later
Credit
This issue was responsibly reported by a Pivotal team member.
History
2017-03-24: Initial vulnerability report published