CredHub Interpolate Endpoint ACL Bypass Vulnerability

CVE-2017-8038 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.
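
A simplified model of this bug class, added here as an illustration and not taken from CredHub's code: the direct read path enforces the ACL, while an interpolation path that resolves references straight from the store ignores the caller. The store contents, actor names, function names and the `credhub-ref` request shape used below are assumptions made for the example.

```python
# Simplified model (not CredHub's code): a store with per-credential read ACLs.
STORE = {  # constructed sample data
    "/app-a/db-password": {"value": "constructed-secret-a", "readers": {"app-a"}},
    "/app-b/api-key": {"value": "constructed-secret-b", "readers": {"app-b"}},
}


class AccessDenied(Exception):
    pass


def get_credential(actor, name):
    """Direct read path: the ACL is enforced for the requesting actor."""
    entry = STORE.get(name)
    if entry is None or actor not in entry["readers"]:
        raise AccessDenied(name)  # same error for missing and forbidden names
    return entry["value"]


def _interpolate(services, resolve):
    """Replace each {"credhub-ref": name} credentials block with resolve(name)."""
    out = {}
    for label, bindings in services.items():
        out[label] = []
        for binding in bindings:
            creds = binding.get("credentials", {})
            if isinstance(creds, dict) and set(creds) == {"credhub-ref"}:
                creds = resolve(creds["credhub-ref"])
            out[label].append({**binding, "credentials": creds})
    return out


def interpolate_unchecked(actor, services):
    """Flawed form: the lookup goes straight to the store and ignores the actor."""
    return _interpolate(services, lambda name: STORE[name]["value"])


def interpolate_checked(actor, services):
    """Corrected form: every reference goes through the ACL-enforcing read."""
    return _interpolate(services, lambda name: get_credential(actor, name))


# Constructed request body: app-a references a credential readable only by app-b.
REQUEST = {"svc": [{"name": "binding-1",
                    "credentials": {"credhub-ref": "/app-b/api-key"}}]}
```

A regression test for this class of bug exercises every endpoint that can return credential values with an actor that lacks read permission, not only the direct get-by-name path.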
