cnvd - cnvd-2017-04762

CNVD-2017-04762

Vulnerability from cnvd - Published: 2017-04-20

Title

Pivotal Cloud Foundry Elastic Runtime信息泄露漏洞（CNVD-2017-04762）

Description

Pivotal Cloud Foundry（PCF）是美国Pivotal Software公司的一套开源的平台即服务（PaaS）云计算平台，它提供容器调度、持续交付和自动化服务部署等功能。Elastic Runtime是Pivotal Cloud Foundry的一个运行环境。 PCF Elastic Runtime中存在信息泄露漏洞。攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

Pivotal Cloud Foundry Elastic Runtime信息泄露漏洞（CNVD-2017-04762）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://pivotal.io/security/cve-2017-4955

Reference

http://www.securityfocus.com/bid/97082

Impacted products

Name
['Pivotal Software Cloud Foundry Elastic Runtime <1.6.65', 'Pivotal Software Cloud Foundry Elastic Runtime <1.6.65', 'Pivotal Software Cloud Foundry Elastic Runtime <1.7.48', 'Pivotal Software Cloud Foundry Elastic Runtime <1.8.28', 'Pivotal Software Cloud Foundry Elastic Runtime <1.9.5']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97082"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-4955"
    }
  },
  "description": "Pivotal Cloud Foundry\uff08PCF\uff09\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u5bb9\u5668\u8c03\u5ea6\u3001\u6301\u7eed\u4ea4\u4ed8\u548c\u81ea\u52a8\u5316\u670d\u52a1\u90e8\u7f72\u7b49\u529f\u80fd\u3002Elastic Runtime\u662fPivotal Cloud Foundry\u7684\u4e00\u4e2a\u8fd0\u884c\u73af\u5883\u3002\r\n\r\nPCF Elastic Runtime\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Pivotal",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://pivotal.io/security/cve-2017-4955",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-04762",
  "openTime": "2017-04-20",
  "patchDescription": "Pivotal Cloud Foundry\uff08PCF\uff09\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\uff0c\u5b83\u63d0\u4f9b\u5bb9\u5668\u8c03\u5ea6\u3001\u6301\u7eed\u4ea4\u4ed8\u548c\u81ea\u52a8\u5316\u670d\u52a1\u90e8\u7f72\u7b49\u529f\u80fd\u3002Elastic Runtime\u662fPivotal Cloud Foundry\u7684\u4e00\u4e2a\u8fd0\u884c\u73af\u5883\u3002\r\n\r\nPCF Elastic Runtime\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Pivotal Cloud Foundry Elastic Runtime\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-04762\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Pivotal Software Cloud Foundry Elastic Runtime \u003c1.6.65",
      "Pivotal Software Cloud Foundry Elastic Runtime  \u003c1.6.65",
      "Pivotal Software Cloud Foundry Elastic Runtime  \u003c1.7.48",
      "Pivotal Software Cloud Foundry Elastic Runtime  \u003c1.8.28",
      "Pivotal Software Cloud Foundry Elastic Runtime  \u003c1.9.5"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/97082",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-31",
  "title": "Pivotal Cloud Foundry Elastic Runtime\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-04762\uff09"
}

CVE-2017-4955 (GCVE-0-2017-4955)

Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 14:47

Summary

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.

Severity ?

No CVSS data available.

CWE

Credentials in Elastic Runtime Notifications errand log

Assigner

dell

References

URL

Tags

	https://pivotal.io/security/cve-2017-4955	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97082	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	PCF Elastic Runtime	Affected: PCF Elastic Runtime

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:47:44.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2017-4955"
          },
          {
            "name": "97082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97082"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PCF Elastic Runtime",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "PCF Elastic Runtime"
            }
          ]
        }
      ],
      "datePublic": "2017-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Credentials in Elastic Runtime Notifications errand log",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-13T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2017-4955"
        },
        {
          "name": "97082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97082"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-4955",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PCF Elastic Runtime",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "PCF Elastic Runtime"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Credentials in Elastic Runtime Notifications errand log"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2017-4955",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2017-4955"
            },
            {
              "name": "97082",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97082"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-4955",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2016-12-29T00:00:00",
    "dateUpdated": "2024-08-05T14:47:44.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-04762

CVE-2017-4955 (GCVE-0-2017-4955)

Tags

Sightings

Nomenclature