1 results (0.001 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest. Cloud Foundry BOSH versión 270.x anteriores a v270.1.1, contienen un Director BOSH que no corrige las credenciales cuando se configura para usar una base de datos MySQL. Un usuario malicioso autenticado local puede leer cualquier credencial que esté contenida en un manifiesto BOSH. • https://www.cloudfoundry.org/blog/cve-2019-11271 • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •