CVE-2018-15763 - Vulnerability Details - OpenCVE

Description

Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.

Published: 2018-10-05

Score: 9 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Pivotal

Pivotal Container Service

affected

Version	Status	Constraints
`all versions`	affected	< 1.2.0

Configuration 1 [-]

cpe:2.3:a:pivotal_software:pivotal_container_service:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2018-7626	Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00229.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://pivotal.io/security/cve-2018-15763

History

No history.

Subscriptions

Pivotal Software Pivotal Container Service

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2018-10-05T21:00:00.000Z

Updated: 2024-09-16T18:48:32.330Z

Reserved: 2018-08-23T00:00:00.000Z

Link: CVE-2018-15763

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-10-05T21:29:01.107

Modified: 2024-11-21T03:51:25.417

Link: CVE-2018-15763

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-532

{"containers": {"cna": {"affected": [{"product": "Pivotal Container Service", "vendor": "Pivotal", "versions": [{"lessThan": "1.2.0", "status": "affected", "version": "all versions", "versionType": "custom"}]}], "datePublic": "2018-10-02T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Information Exposure Through Application Logs", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-05T20:57:01.000Z", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2018-15763"}], "source": {"discovery": "UNKNOWN"}, "title": "PKS leaks IaaS Credentials to Application Logs", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-10-02T07:00:00.000Z", "ID": "CVE-2018-15763", "STATE": "PUBLIC", "TITLE": "PKS leaks IaaS Credentials to Application Logs"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Pivotal Container Service", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "all versions", "version_value": "1.2.0"}]}}]}, "vendor_name": "Pivotal"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Exposure Through Application Logs"}]}]}, "references": {"reference_data": [{"name": "https://pivotal.io/security/cve-2018-15763", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2018-15763"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:01:54.533Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pivotal.io/security/cve-2018-15763"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-15763", "datePublished": "2018-10-05T21:00:00.000Z", "dateReserved": "2018-08-23T00:00:00.000Z", "dateUpdated": "2024-09-16T18:48:32.330Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:pivotal_container_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "86D5C1FB-F5A3-49DC-A6D4-79802EFA40C2", "versionEndExcluding": "1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials."}, {"lang": "es", "value": "Pivotal Container Service, en versiones anteriores a la 1.2.0, contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n que expone las credenciales IaaS a los registros de la aplicaci\u00f3n. Un usuario malicioso con acceso a los registros de la aplicaci\u00f3n podr\u00eda ser capaz de obtener credenciales IaaS y realizar acciones mediante el uso de estas credenciales."}], "id": "CVE-2018-15763", "lastModified": "2024-11-21T03:51:25.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-05T21:29:01.107", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2018-15763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2018-15763"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}