First published: Fri Jun 16 2023
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, and Cloud Foundry cf-nfs-volume release. This issue affects Notifications: all versions prior to 63; SMB-volume release: all versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27 and 7.1.X versions prior to 7.1.19.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pivotal Cloud Foundry Nfs Volume | >=5.0.0 <5.0.27 | |
Pivotal Cloud Foundry Nfs Volume | >=7.1.0 <7.1.19 | |
Pivotal Cloud Foundry Notifications | <63 | |
Pivotal Cloud Foundry Smb Volume | <3.1.19 | |
The severity of CVE-2023-20885 is medium with a severity value of 6.5.
CVE-2023-20885 affects the following software versions: Cloud Foundry NFS Volume versions 5.0.0 to 5.0.26, 7.1.0 to 7.1.18; Cloud Foundry Notifications versions prior to 63; Cloud Foundry SMB Volume versions prior to 3.1.19.
To fix CVE-2023-20885, it is recommended to upgrade to the latest versions of Cloud Foundry NFS Volume, Cloud Foundry Notifications, and Cloud Foundry SMB Volume.
The Common Weakness Enumeration (CWE) ID for CVE-2023-20885 is CWE-532.
You can find more information about CVE-2023-20885 at the following link: [CVE-2023-20885 Details](https://www.cloudfoundry.org/blog/cve-2023-20885-cf-workflows-leak-credentials-in-system-audit-logs/)