cvelist/2018/1xxx/CVE-2018-1264.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "DATE_PUBLIC": "2018-09-27T17:30:00.000Z",
        "ID": "CVE-2018-1264",
        "STATE": "PUBLIC",
        "TITLE": "Log Cache logs UAA client secret on startup"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "log-cache-release",
                                "version": {
                                    "version_data": [
                                        {
                                            "affected": "<",
                                            "version_name": "all versions",
                                            "version_value": "1.1.1"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Cloud Foundry"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Information Exposure Through Log Files"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://www.cloudfoundry.org/blog/cve-2018-1264/",
                "refsource": "CONFIRM",
                "url": "https://www.cloudfoundry.org/blog/cve-2018-1264/"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
}
corrections 2018-10-02 15:14:42 -04:00			`{`
"-Synchronized-Data." 2019-03-17 22:40:18 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "security_alert@emc.com",`
			`"DATE_PUBLIC": "2018-09-27T17:30:00.000Z",`
			`"ID": "CVE-2018-1264",`
			`"STATE": "PUBLIC",`
			`"TITLE": "Log Cache logs UAA client secret on startup"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "log-cache-release",`
			`"version": {`
			`"version_data": [`
			`{`
			`"affected": "<",`
			`"version_name": "all versions",`
			`"version_value": "1.1.1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Cloud Foundry"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
publish CVE-2018-1264,11064,11081 2018-10-02 14:59:09 -04:00			`{`
"-Synchronized-Data." 2019-03-17 22:40:18 +00:00			`"lang": "eng",`
			`"value": "Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation."`
publish CVE-2018-1264,11064,11081 2018-10-02 14:59:09 -04:00			`}`
"-Synchronized-Data." 2019-03-17 22:40:18 +00:00			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 9.1,`
			`"baseSeverity": "CRITICAL",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "HIGH",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Information Exposure Through Log Files"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://www.cloudfoundry.org/blog/cve-2018-1264/",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.cloudfoundry.org/blog/cve-2018-1264/"`
			`}`
			`]`
			`},`
			`"source": {`
			`"discovery": "UNKNOWN"`
			`}`
			`}`