CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client ID and secret to the CLI's config file when the user authenticates with the `--client-credentials` flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
Vulnerable Product |
---|
pivotal cloud foundry deployment concourse tasks |
pivotal cloud foundry deployment |
pivotal cloud foundry smoke test |
pivotal cloud foundry routing release |
pivotal cloud foundry notifications |
pivotal cloud foundry command line interface release |
pivotal cloud foundry log cache release |
pivotal cloud foundry networking release |
pivotal cloud foundry command line interface |
pivotal cloud foundry healthwatch |
pivotal credhub service broker for pcf |
pivotal metric registrar release |
pivotal on demand service broker |
pivotal application service |
pivotal cloud foundry autoscaling release |
pivotal pivotal cloud foundry service broker |
pivotal single sign-on |
pivotal cloud foundry event alerts |
appdynamics platform monitoring |
bluemedora nozzle |
contrastsecurity service broker |
cyberark conjur service broker |
samba volume service |
signalsciences service broker |
snyk service broker |
solace pubsub+ |
anynines mongodb |
apigee edge service broker |
appdynamics application performance monitoring |
datadoghq application monitoring |
dynatrace service broker |
google google cloud platform service broker |
newrelic nozzle |
pagerduty service broker |
sumologic nozzle |
tibco businessworks buildpack |
anynines logme |
anynines mysql |
anynines postgresql |
anynines rabbitmq |
ibm websphere liberty |
microsoft azure log analytics nozzle |
microsoft azure service broker |
newrelic dotnet extension buildpack |
wavefront wavefront by vmware nozzle |
yugabyte db enterprise |
anynines elasticsearch |
anynines redis |
appdynamics application analytics |
datastax enterprise service broker |
forgerock service broker |
newrelic service broker |
riverbed steelcentral appinternals |
splunk nozzle |
synopsys seeker iast service broker |