Insertion of Sensitive Information Into Debugging Code

CVE-2018-1191

High

8.8/10

Summary

Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-215 - Insertion of Sensitive Information Into Debugging Code

The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.

References

Advisory Timeline

Published Mar 29, 2018

Insertion of Sensitive Information Into Debugging Code

CVE-2018-1191

Summary

CWE-215 - Insertion of Sensitive Information Into Debugging Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS