CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client ID and client secret to the CLI config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with read access to the CF CLI config file can act as that client, the owner of the leaked credentials.
CVSS 2.0
Severity: LOW
Problem Type: CWE-522, CWE-200
Products Affected
| Vendor | Product | Version |
|---|---|---|
| anynines | elasticsearch | * |
| pivotal | cloud_foundry_command_line_interface_release | * |
| | google_cloud_platform_service_broker | * |
| ibm | websphere_liberty_ | * |
| samba | volume_service | * |
| pivotal | cloud_foundry_command_line_interface | * |
| snyk | service_broker | * |
| synopsys | seeker_iast_service_broker | * |
| sumologic | nozzle | * |
| anynines | logme | * |
| anynines | redis | * |
| microsoft | azure_service_broker | * |
| newrelic | service_broker | * |
| apigee | edge_service_broker | * |
| contrastsecurity | service_broker | * |
| pivotal | cloud_foundry_routing_release | * |
| signalsciences | service_broker | * |
| dynatrace | service_broker | * |
| pivotal | cloud_foundry_smoke_test | * |
| appdynamics | application_performance_monitoring | * |
| pivotal | application_service | * |
| pivotal | credhub_service_broker_for_pcf | * |
| pivotal | cloud_foundry_healthwatch | * |
| riverbed | steelcentral_appinternals | * |
| newrelic | nozzle | * |
| datastax | enterprise_service_broker | * |
| appdynamics | application_analytics | * |
| appdynamics | platform_montioring | * |
| tibco | businessworks_buildpack | * |
| pivotal | metric_registrar_release | * |
| pivotal | cloud_foundry_deployment_concourse_tasks | * |
| anynines | postgresql | * |
| solace | pubsub+ | * |
| pivotal | cloud_foundry_event_alerts | * |
| datadoghq | application_monitoring | * |
| microsoft | azure_log_analytics_nozzle | * |
| yugabyte | db_enterprise | * |
| pivotal | on_demand_service_broker | * |
| anynines | mongodb | * |
| newrelic | dotnet_extension_buildpack | * |
| pivotal | cloud_foundry_networking_release | * |
| splunk | nozzle | * |
| bluemedora | nozzle | * |
| cyberark | conjur_service_broker | * |
| pivotal | cloud_foundry_log_cache_release | * |
| pivotal | pivotal_cloud_foundry_service_broker | * |
| pivotal | cloud_foundry_deployment | * |
| pivotal | cloud_foundry_autoscaling_release | * |
| pivotal | cloud_foundry_notifications | * |
| anynines | rabbitmq | * |
| wavefront | wavefront_by_vmware_nozzle | * |
| forgerock | service_broker | * |
| anynines | mysql | * |
| pivotal | single_sign-on | * |
| pagerduty | service_broker | * |