CVE-2021-22115
First published: Thu Apr 08 2021(Updated: )
Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudfoundry Capi-release | <1.106.0 | |
| Cloudfoundry Cf-deployment | <16.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-22115?
CVE-2021-22115 is a vulnerability in Cloud Controller API versions prior to 1.106.0 that logs service broker credentials in plain text.
How severe is CVE-2021-22115?
CVE-2021-22115 has a severity rating of medium with a score of 6.5.
Which software versions are affected by CVE-2021-22115?
Cloud Controller API versions up to 1.106.0 are affected, as well as Cloudfoundry Cf-deployment versions up to 16.2.0.
How can I fix CVE-2021-22115?
To fix CVE-2021-22115, you should upgrade Cloud Controller API to version 1.106.0 or newer, and Cloudfoundry Cf-deployment to version 16.2.0 or newer.
Where can I find more information about CVE-2021-22115?
You can find more information about CVE-2021-22115 at the following link: [CVE-2021-22115](https://www.cloudfoundry.org/blog/cve-2021-22115-capi-logs-service-broker-credentials/)
- collector/nvd-index
- agent/weakness
- agent/author
- agent/event
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cloudfoundry
- canonical/cloudfoundry capi-release
- canonical/cloudfoundry cf-deployment