Cloud Foundry Log Cache
Approved changes feed: RSS · Atom
cpe:2.3:a:pivotal_software:cloud_foundry_log_cache:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Pivotal Software (a7eef617-cad9-5400-bbf0-2e56b16d90a7) |
|---|---|
| Product | Cloud Foundry Log Cache (f3f7f974-1f48-5411-861a-e97063e03964) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/cloudfoundry/log-cache-release |
purl2cpe | 2026-06-01 10:11:00.484015 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-1264 |
vulnerable | 2026-06-03 14:38:30.718223 |
Log Cache logs UAA client secret on startup
CRITICAL (9.1)
Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation.
Published: 2018-10-05T21:00:00.000Z
Updated: 2024-09-16T19:10:46.786Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.