CVE-2017-8038

{"id": "CVE-2017-8038", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-11-27T10:29:00.813", "references": [{"url": "https://www.cloudfoundry.org/cve-2017-8038/", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.cloudfoundry.org/cve-2017-8038/", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation."}, {"lang": "es", "value": "En Cloud Foundry Foundation Credhub-release versi\u00f3n 1.1.0, las listas de control de acceso (ACL) se aplican si un usuario autenticado puede realizar una operaci\u00f3n en una credencial. Para las instalaciones que emplean ACL, el ACL fue omitido para el extremo interpolado CredHub, permitiendo que aplicaciones autenticadas vean cualquier credencial en la instalaci\u00f3n CredHub."}], "lastModified": "2024-11-21T03:33:11.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:credhub-release:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92803362-0523-424D-9950-E19E0FED5493"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}