CVE-2018-1191 – Garden may log Docker passwords
Cloud Foundry Foundation
Affected Cloud Foundry Products and Versions
- You are using garden-runc-release prior to version 1.11.0
- You are using cf-deployment prior to version 1.9.0
Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.
Users of affected versions should apply the following mitigations or upgrades:
- Releases that have fixed this issue include:
- garden-runc-release version 1.11.0
- cf-deployment version 1.9.0
This issue was responsibly reported by the Garden team.
2018-03-28: Initial vulnerability report published.