CVE-2018-1191: Garden may log Docker passwords
Severity
High
References
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- Pivotal Application Service
  - 2.0.x versions prior to 2.0.7
  - 1.12.x versions prior to 1.12.16
  - 1.11.x versions prior to 1.11.28
- PCF Isolation Segment
  - 2.0.x versions prior to 2.0.6
  - 1.12.x versions prior to 1.12.15
  - 1.11.x versions prior to 1.11.26
- Concourse for PCF
  - Versions prior to 3.9.2
- Deployments using Garden runC prior to version v1.11.0
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Releases that have fixed this issue include:
  - Pivotal Application Service: 2.1.0, 2.0.7, 1.12.16, 1.11.28
  - PCF Isolation Segment: 2.1.0, 2.0.6, 1.12.15, 1.11.26
  - Concourse for PCF: 3.9.2