|
|
|
Credit:
The original article can be found at: http://www.securityfocus.com/bid/93480
The information has been provided by Cloud Foundry.
|
|
Vulnerable Systems:
* Pivotal Software Cloud Foundry Cf Mysql 27.0
* Pivotal Software Cloud Foundry Cf Mysql 28.0
MariaDB s audit_plugin, incorporated in cf-mysql-release starting with cf-mysql-release v27, allows the Operator to enable audit trails, which log all queries sent to the SQL server. With the incorporation of this plugin, a bug was introduced that causes those logs to be sent to syslog. Depending on the nature of the applications that use cf-mysql, these audit logs may contain Personally Identifiable Information (PII) of application users, including unencrypted application access credentials and any application-specific data written to the database.
CVE Information:
CVE-2016-6653
Disclosure Timeline:
Publish Date : 2016-10-06
Last Update Date : 2016-11-28
|
|
|
|