CVE-2023-20885 – CF workflows leak credentials in system audit logs
https://notcve.org/view.php?id=CVE-2023-20885
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19. • https://www.cloudfoundry.org/blog/cve-2023-20885-cf-workflows-leak-credentials-in-system-audit-logs • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2019-11283 – Password leak in smbdriver logs
https://notcve.org/view.php?id=CVE-2019-11283
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume. Cloud Foundry SMB Volume, versiones anteriores a v2.0.3, imprime accidentalmente información confidencial en los registros. Un usuario remoto con acceso a los registros de SMB Volume puede descubrir el nombre de usuario y la contraseña de los volúmenes que han sido diseñado recientemente, permitiendo tomar el control de SMB Volume. • https://www.cloudfoundry.org/blog/cve-2019-11283 • CWE-532: Insertion of Sensitive Information into Log File •