Cloud Foundry Foundation
Cloud Foundry releases prior to v239
When creating a user-provided service (UPS) in Cloud Foundry, the Cloud Controller logs the entire UPS object including the credentials provided by the user.
Users of affected versions should apply the following mitigation:
- The Cloud Foundry project recommends that users upgrade to Cloud Foundry v239  or later
- Rotate all credentials associated with user-provided services for affected deployments. Refer to this document for more information.
2016-07-26: Initial vulnerability report published