CVE-2017-8038: Credentials readable from CredHub endpoint
Cloud Foundry Foundation
- Credhub-release version 1.1.0 only
CredHub access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.
Users of affected versions should apply the following mitigation or upgrade:
- Upgrade to credhub-release v1.2.0 or later
Please note: All credential access is logged in the event_audit_record table of the CredHub database and should be reviewed for anomalous events.
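As an added example that is not part of this advisory, one way to review an export of event_audit_record for the reads this bypass would have allowed: compare every interpolate-endpoint read against the access the ACL was meant to grant, and count distinct credentials per actor. The record field names, the endpoint path `/api/v1/interpolate`, the intended ACL and the sample rows are all assumptions constructed for the example.

```python
from dataclasses import dataclass

# Assumed request path of the interpolate endpoint; confirm it for your CredHub version.
INTERPOLATE_PATH = "/api/v1/interpolate"


@dataclass(frozen=True)
class AuditRecord:
    """One row exported from event_audit_record (field names are assumptions)."""
    actor: str       # authenticated app or user that made the request
    path: str        # request path that triggered the credential read
    credential: str  # name of the credential that was read
    timestamp: str   # ISO-8601 string; constructed values below


# Intended ACL: which credentials each app actor should be able to read (constructed).
INTENDED_ACL = {
    "app:billing": {"/billing/db-password"},
    "app:frontend": {"/frontend/session-key"},
}

# Constructed sample rows, not data from a real installation.
SAMPLE_ROWS = [
    AuditRecord("app:billing", "/api/v1/interpolate", "/billing/db-password", "2017-07-30T10:00:00Z"),
    AuditRecord("app:frontend", "/api/v1/interpolate", "/frontend/session-key", "2017-07-30T10:01:00Z"),
    AuditRecord("app:frontend", "/api/v1/interpolate", "/billing/db-password", "2017-07-30T10:02:00Z"),
    AuditRecord("app:frontend", "/api/v1/interpolate", "/ops/bosh-admin-password", "2017-07-30T10:02:01Z"),
    AuditRecord("user:operator", "/api/v1/data", "/ops/bosh-admin-password", "2017-07-30T10:05:00Z"),
]


def interpolate_reads_outside_acl(rows, acl):
    """Interpolate-endpoint reads of credentials the intended ACL does not grant
    to that actor. With ACL enforcement skipped, the audit row is the only trace."""
    return [r for r in rows
            if r.path == INTERPOLATE_PATH
            and r.credential not in acl.get(r.actor, set())]


def distinct_credentials_per_actor(rows):
    """Distinct credentials read per actor via interpolate; a jump above an
    app's usual count is the kind of anomaly worth investigating."""
    seen = {}
    for r in rows:
        if r.path == INTERPOLATE_PATH:
            seen.setdefault(r.actor, set()).add(r.credential)
    return {actor: len(creds) for actor, creds in seen.items()}


if __name__ == "__main__":
    for r in interpolate_reads_outside_acl(SAMPLE_ROWS, INTENDED_ACL):
        print(f"{r.timestamp} {r.actor} read {r.credential} outside the intended ACL")
    print(distinct_credentials_per_actor(SAMPLE_ROWS))
```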
This vulnerability was responsibly reported by the CredHub team.
2017-07-31: Initial vulnerability report published