Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NFS Volume release errand leaks cf admin credentials in logs
Vulnerability Description
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cloud Foundry NFS volume 信任管理问题漏洞
Vulnerability Description
Cloud Foundry NFS volume是美国Cloud Foundry基金会的一款NFS卷服务,它主要用于支持应用程序访问持久性文件系统。 Cloud Foundry NFS volume 1.2.5之前的1.2.x版本、1.5.4之前的1.5.x版本和1.7.3之前的1.7.x版本中存在安全漏洞,该漏洞源于在运行nfsbrokerpush BOSH部署任务时程序记录了cf管理员的用户名和密码。远程攻击者可借助NFS卷部署任务利用该漏洞获取用于Cloud Foundry Platform的管理员
CVSS Information
N/A
Vulnerability Type
N/A