CVE-2017-8038
CVE-2017-8038 is a vulnerability of currently unknown severity. In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation. EPSS estimates a 0.95% chance of exploitation in the next 30 days.
Description
In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pivotal Software | Credhub-Release | 1.1.0 |
References
- https://www.cloudfoundry.org/cve-2017-8038/ (Issue Tracking, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
