CVE-2017-4955

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-4955

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-4955.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-4955

Published

2017-06-13T06:29:00Z

Modified

2025-04-20T03:53:06.406792Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.

References

Affected packages

Git / github.com/cloudfoundry/uaa

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/uaa
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

36efbc0bf6186a4abaf51c04e55cdb2d5e15091b

Last affected

3ce2a53c261790f5a4cbddff3dd4dcf4a82d69ac

Last affected

58caa488fe3cc30f745b9f5079c42141d606436b

Last affected

7f2dc9e3f8a43a4d8dd9fd5c4819d4b1807044f6

Last affected

8a9ca90e103a2b5ddd4a0b04b9046e62c22fcc75

Last affected

96b1fc8e3a982b6f478e363f3919a4a16e0a6a92

Last affected

ac69ac2ea93c6ae9d6a751adf03596a18fe0e9d5

Last affected

ae59bf11fec166fd075b1dbead2ae16effa57e3f

Last affected

bb75c2730c921667652b4589d67bec2246b1f306

Last affected

cba095870204fa62b1278163f99084e159ceb3a6

Last affected

cde7ba5da9b64cb45bd64c61c6fb2899bbc3e0f2

Last affected

e0080f861db5b30c0793973e5c4fff7153040ecb

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.1

1.1.1

1.1.2

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.3.1

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.5.0

1.5.2

1.5.2.1

1.5.3

1.5.4

1.5.4.1

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.7.0

1.7.1