{"id":"CVE-2016-5006","details":"The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors.","modified":"2026-04-10T03:50:07.146373Z","published":"2017-05-02T14:59:00.410Z","references":[{"type":"ADVISORY","url":"https://pivotal.io/security/cve-2016-5006"},{"type":"ADVISORY","url":"https://www.cloudfoundry.org/CVE-2016-5006/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/uaa","events":[{"introduced":"0"},{"last_affected":"585adc1bde0b242e204b6a6300e19ee5283c2bbe"},{"introduced":"0"},{"last_affected":"36efbc0bf6186a4abaf51c04e55cdb2d5e15091b"},{"introduced":"0"},{"last_affected":"3ce2a53c261790f5a4cbddff3dd4dcf4a82d69ac"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.7.0"},{"introduced":"0"},{"last_affected":"1.7.1"},{"introduced":"0"},{"last_affected":"1.7.2"}]}}],"versions":["1.0.1","1.0.3","1.1","1.1.1","1.1.2","1.2.0","1.2.6","1.4.0","1.4.1","1.4.2","1.4.3","1.4.5","1.4.6","1.4.7","1.5.0","1.5.2","1.5.2.1","1.5.3","1.5.4","1.5.4.1","1.6.0","1.6.4","1.6.5","1.7.0","1.7.1","1.7.2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"238.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.32"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.8"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.9"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.10"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5006.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}