Compromising information in client message

[ashishjain14]

When trying to create a service instance, without having an entitlement, the message displayed in the client displays information that appears to be a security risk:
The service broker rejected the request to https://:9293/cf/v2/service_instances/691f1431-6fcd-4cbd-a3fb-d1510f0e675c?accepts_incomplete=true. Status Code: 403 Forbidden, Body:
{"status":403,"message":"Not entitled to create service instance"}

Currently the error message displays The IP:port and full path of the service. This seems to be coming from https://github.com/cloudfoundry/cloud_controller_ng/blob/173954d8ed2d2b9624d074ba2b277f7bd47c8432/lib/services/service_brokers/v2/errors/service_broker_request_rejected.rb#L15

How can this information be masked on failure?

[ashishjain14]

Opened a bug in capi cloudfoundry/cloud_controller_ng#1025

[pivotal-marcela-campo]

The Bug in CAPI has been closed as won't fix as they don't consider it to be a security concern.
Will proceed to close this bug if there are no objections.
@cloudfoundry-incubator/wg-service-management-service-fabrik-approvers @cloudfoundry-incubator/service-fabrik