Security Advisory

CVE-2017-14390: CF-deployment 0.35.0 syslog misconfiguration

Severity

Medium

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • cf-deployment v0.35.0

Description

A misconfiguration with Loggregator and syslog-drain in cf-deployment causes logs to be drained to unintended locations.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • cf-deployment: 0.36.0

Credit

This issue was responsibly reported by VMware.

History

2017-11-14: Initial vulnerability report published.

Cloud Foundry Foundation Security Team, AUTHOR
