Vulnerability Details CVE-2017-8038
In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 4.0
Products affected by CVE-2017-8038
-
cpe:2.3:a:pivotal_software:credhub-release:1.1.0