How severe is CVE-2016-6658?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2016-6658?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2016-6658 - CRITICAL Severity | CVSS 9.6

Vulnerability Description

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.

Related Vulnerabilities

CVE-2017-14443

CRITICAL

CVSS:9.6(Critical)

An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to a...

CWE-2002017

CVE-2017-18853

CRITICAL

CVSS:9.6(Critical)

Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and ear...

CWE-2002017

CVE-2023-40029

CRITICAL

CVSS:9.6(Critical)

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kube...

CWE-2002023

CVE-2024-0765

CRITICAL

CVSS:9.6(Critical)

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you do exfiltrate...

CWE-2002024

CVE-2021-22272

CRITICAL

CVSS:9.4(Critical)

The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.d...

CWE-2002021

CVE-2008-0655

CRITICAL

CVSS:9.8(Critical)

Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.

CWE-2002008