First published: Thu Mar 29 2018
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cloudfoundry Cf-release | <245 | |
Pivotal Software Cloud Foundry Elastic Runtime | <1.6.49 | |
Pivotal Software Cloud Foundry Elastic Runtime | >=1.7.0 <1.7.31 | |
Pivotal Software Cloud Foundry Elastic Runtime | >=1.8.0 <1.8.11 | |
CVE-2016-6658 is a vulnerability in cf-release before version 245: applications can be configured and pushed with a user-provided custom buildpack URL, and any credentials included in that URL are stored unencrypted.
CVE-2016-6658 has a severity rating of 9.6, which is classified as critical.
The affected software includes Cloudfoundry Cf-release before version 245 and Pivotal Software Cloud Foundry Elastic Runtime before 1.6.49, 1.7.x before 1.7.31, and 1.8.x before 1.8.11.
The exposure arises when a user specifies credentials in the URL pointing to a custom buildpack: the URL is stored unencrypted, so an operator with privileged access to the Cloud Controller database could view those credentials.
Upgrading to cf-release version 245 or later fixes the vulnerability. Upgrading Pivotal Software Cloud Foundry Elastic Runtime to 1.6.49, 1.7.31, or 1.8.11 or later (within the respective release line) also addresses the issue.
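An audit for the condition described above, added here as an example and not taken from Cloud Foundry or the advisory: it flags custom buildpack URLs that carry a credential and returns a redacted form that is safe to log. The app names, URLs, and the list of secret query parameter names are constructed assumptions; feed it the app-to-buildpack mapping from your own inventory.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query parameter names treated as secrets (assumption for this example).
SECRET_PARAMS = {"access_token", "token", "password"}


def audit_buildpack_url(url):
    """Return (has_credentials, redacted_url) for one buildpack URL."""
    parts = urlsplit(url)
    found = False
    netloc = parts.netloc
    # Userinfo is everything before the last "@" in the authority component.
    if "@" in netloc:
        found = True
        host = netloc.rsplit("@", 1)[1]
        netloc = "REDACTED@" + host
    # Tokens passed as query parameters are stored with the URL as well.
    query = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SECRET_PARAMS:
            found = True
            value = "REDACTED"
        query.append((key, value))
    redacted = urlunsplit((parts.scheme, netloc, parts.path,
                           urlencode(query), parts.fragment))
    return found, redacted


def audit(apps):
    """Map app name -> redacted URL for every app whose URL holds a secret."""
    findings = {}
    for name, url in apps.items():
        found, redacted = audit_buildpack_url(url)
        if found:
            findings[name] = redacted
    return findings


# Constructed sample data: app name -> custom buildpack URL.
SAMPLE_APPS = {
    "billing": "https://alice:s3cr3t@github.com/example/private-buildpack.git",
    "search": "https://github.com/cloudfoundry/ruby-buildpack.git#v1.6.0",
    "reports": "https://0123abcd:x-oauth-basic@github.com/example/bp.git",
    "batch": "https://git.example.com/bp.git?access_token=0123abcd",
}

if __name__ == "__main__":
    for app, url in audit(SAMPLE_APPS).items():
        print(f"{app}: credential in buildpack URL -> {url}")
```

Any credential this finds should be treated as exposed to database operators and rotated, since upgrading does not change what was already stored.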