Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCloudfoundry Command Line Interface
APPCloudfoundry< 6.43.0
Related vulnerabilities
Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, ap...
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or o...
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure proto...
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using...
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...