Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-15763

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-05 Oct, 2018 | 21:00
Updated At-16 Sep, 2024 | 18:48
Rejected At-
Credits

PKS leaks IaaS Credentials to Application Logs

Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:05 Oct, 2018 | 21:00
Updated At:16 Sep, 2024 | 18:48
Rejected At:
▼CVE Numbering Authority (CNA)
PKS leaks IaaS Credentials to Application Logs

Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.

Affected Products
Vendor
VMware (Broadcom Inc.)Pivotal
Product
Pivotal Container Service
Versions
Affected
  • From all versions before 1.2.0 (custom)
Problem Types
TypeCWE IDDescription
textN/AInformation Exposure Through Application Logs
Type: text
CWE ID: N/A
Description: Information Exposure Through Application Logs
Metrics
VersionBase scoreBase severityVector
3.09.0CRITICAL
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.0
Base score: 9.0
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://pivotal.io/security/cve-2018-15763
x_refsource_CONFIRM
Hyperlink: https://pivotal.io/security/cve-2018-15763
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://pivotal.io/security/cve-2018-15763
x_refsource_CONFIRM
x_transferred
Hyperlink: https://pivotal.io/security/cve-2018-15763
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:05 Oct, 2018 | 21:29
Updated At:09 Oct, 2019 | 23:35

Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.09.0CRITICAL
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 9.0
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N
CPE Matches
VMware (Broadcom Inc.)
pivotal_software
>>pivotal_container_service>>Versions before 1.2(exclusive)
cpe:2.3:a:pivotal_software:pivotal_container_service:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-532Primarynvd@nist.gov
CWE ID: CWE-532
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://pivotal.io/security/cve-2018-15763security_alert@emc.com
Vendor Advisory
Hyperlink: https://pivotal.io/security/cve-2018-15763
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

110Records found
CVE-2019-11549
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.32%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 18:54
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-10213
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 62.76%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:21
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformenterprise_linuxopenshift
CWE ID-CWE-117
Improper Output Neutralization for Logs
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-0380
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.9||MEDIUM
EPSS-0.34% / 55.74%
||
7 Day CHG~0.00%
Published-08 Oct, 2019 | 19:31
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure.

Action-Not Available
Vendor-SAP SE
Product-landscape_managementSAP Landscape Management enterprise edition
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-1999036
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.69%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 13:00
Updated-16 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.

Action-Not Available
Vendor-n/aJenkins
Product-ssh_agentn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-6662
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 55.35%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 20:45
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-27019
Matching Score-4
Assigner-Perforce
ShareView Details
Matching Score-4
Assigner-Perforce
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.71%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 17:56
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PuppetDB logging included potentially sensitive system information.

Action-Not Available
Vendor-n/aPerforce Software, Inc. ("Puppet")
Product-puppet_enterprisepuppetdbPuppetDB, Puppet Enterprise
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-20359
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.45%
||
7 Day CHG~0.00%
Published-08 Feb, 2021 | 14:40
Updated-17 Sep, 2024 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_automationCloud Pak for Automation
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-1226
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.12%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:16
Updated-12 Nov, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Communications Products Information Disclosure Vulnerability

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unity_connectionunified_communications_managerprime_license_managerunified_communications_manager_im_\&_presence_serviceemergency_responderCisco Emergency Responder
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2017-11134
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.03%
||
7 Day CHG~0.00%
Published-01 Aug, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them.

Action-Not Available
Vendor-stashcatn/a
Product-heinekingmedian/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-3281
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 56.18%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:56
Updated-15 Nov, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Digital Network Architecture Center Information Disclosure Vulnerability

A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-digital_network_architecture_centerCisco Digital Network Architecture Center (DNA Center)
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found