Pivotal Software Cloud Foundry Cf Mysql 27 Obtain Information Vulnerability
16 Dec. 2016
The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials.
* Pivotal Software Cloud Foundry Cf Mysql 27
* Pivotal Software Cloud Foundry Cf Mysql 28
MariaDB's audit_plugin, incorporated in cf-mysql-release starting with v27, allows the Operator to enable audit trails that log every query sent to the SQL server. When the plugin was incorporated, a bug was introduced that also causes those audit logs to be sent to syslog. Depending on the nature of the applications that use cf-mysql, the audit logs may contain Personally Identifiable Information (PII) of application users, including unencrypted application access credentials and any other application-specific data written to the database.
The audit_plugin automatically redacts credentials in MySQL user-creation statements, so MySQL server access credentials themselves are not sent to syslog.
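The practical question for an operator is whether audit records carrying statement text are reaching the syslog pipeline at all, and how to keep application data out of it until the release is fixed. The script below is an added example, not code from Pivotal or the cf-mysql-release project: it parses syslog lines written by the MariaDB audit plugin, counts how many expose query text, flags statements that look like they carry credentials, and emits a redacted copy that a log forwarder could ship instead. The syslog tag (`mysql-server_auditing`) and the comma-separated record layout are modelled on the MariaDB Audit Plugin's documented format and are assumptions here; the sample log lines, hostnames, users and statements are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample syslog excerpt. The record after the audit tag follows the
# MariaDB Audit Plugin layout (assumed for this example):
#   serverhost,username,host,connectionid,queryid,operation,database,object,retcode
# For QUERY records the "object" field holds the full statement text.
SAMPLE_SYSLOG = """\
Dec 16 10:01:02 mysql-0 mysql-server_auditing: mysql-0,app_user,10.0.0.12,42,101,CONNECT,appdb,,0
Dec 16 10:01:03 mysql-0 mysql-server_auditing: mysql-0,app_user,10.0.0.12,42,102,QUERY,appdb,'INSERT INTO users (email, password) VALUES ("alice@example.test", "hunter2")',0
Dec 16 10:01:04 mysql-0 mysql-server_auditing: mysql-0,app_user,10.0.0.12,42,103,QUERY,appdb,'SELECT id FROM users WHERE email = "alice@example.test"',0
Dec 16 10:01:05 mysql-0 sshd[123]: Accepted publickey for vcap from 10.0.0.5 port 50000
Dec 16 10:01:06 mysql-0 mysql-server_auditing: mysql-0,app_user,10.0.0.12,42,104,DISCONNECT,appdb,,0
"""

AUDIT_TAG = "mysql-server_auditing: "  # assumed syslog tag used by the plugin

# Classic syslog prefix followed by the audit tag and the raw record.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    + re.escape(AUDIT_TAG)
    + r"(?P<record>.*)$"
)

FIELDS = ["serverhost", "username", "host", "connectionid", "queryid",
          "operation", "database", "object", "retcode"]

# Rough indicators that a statement carries a secret value; tune to your schema.
CREDENTIAL_RE = re.compile(r"\b(password|passwd|pwd|secret|token|api_key)\b",
                           re.IGNORECASE)

REDACTED = "'[REDACTED]'"


def parse_audit_record(line: str) -> Optional[Dict[str, str]]:
    """Return the audit record fields for a syslog line, or None if the line
    was not written by the audit plugin."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    record = m.group("record")
    # The statement field may itself contain commas, so take the first seven
    # fields from the left and peel the return code off the right.
    head = record.split(",", 7)
    if len(head) != 8:
        return None
    obj, _, retcode = head[7].rpartition(",")
    fields = dict(zip(FIELDS, head[:7] + [obj, retcode]))
    fields["syslog_ts"] = m.group("ts")
    fields["syslog_host"] = m.group("host")
    return fields


def redact_line(line: str) -> str:
    """Replace the statement text of QUERY records so application data never
    leaves the host via syslog; all other lines pass through unchanged."""
    rec = parse_audit_record(line)
    if rec is None or rec["operation"] != "QUERY":
        return line
    prefix = line[: line.index(AUDIT_TAG) + len(AUDIT_TAG)]
    values = [rec[f] for f in FIELDS]
    values[FIELDS.index("object")] = REDACTED
    return prefix + ",".join(values)


def audit_syslog(text: str) -> Dict[str, object]:
    """Scan a syslog excerpt: count audit-plugin records, how many of them
    expose statement text, and how many statements look credential-bearing.
    Also return the redacted lines a forwarder could ship safely."""
    audit = query = credential = 0
    redacted: List[str] = []
    for line in text.splitlines():
        rec = parse_audit_record(line)
        if rec is not None:
            audit += 1
            if rec["operation"] == "QUERY":
                query += 1
                if CREDENTIAL_RE.search(rec["object"]):
                    credential += 1
        redacted.append(redact_line(line))
    return {
        "audit_records": audit,
        "query_records": query,
        "credential_hits": credential,
        "redacted_lines": redacted,
    }


if __name__ == "__main__":
    report = audit_syslog(SAMPLE_SYSLOG)
    print(f"audit records: {report['audit_records']}, "
          f"with statement text: {report['query_records']}, "
          f"credential-like: {report['credential_hits']}")
    for out in report["redacted_lines"]:
        print(out)
```

Any non-zero `query_records` count on a cf-mysql host running v27 or v28 means the audit trail is leaking into syslog as described above. The redaction keeps the connection, user and operation metadata (which is what the audit trail is for) and drops only the statement body, so the forwarded stream still supports access auditing without carrying application data.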