MEDIUM🇬🇧 English

CVE-2020-5422

CVSS 6.5v3.1pub. 2020-10-02upd. 2024-11-21

BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Cloud Foundry Bosh System Metrics Server

    APP
    Cloud Foundry
    < 0.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-11271HIGH7.8ten sam vendor

Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact cre...

CVE-2018-15800HIGH8.1ten sam vendor

Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remo...

CVE-2018-11083HIGH8.1ten sam vendor

Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and...

CVE-2017-4961HIGH8.8ten sam vendor

An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x v...

CVE-2016-3091HIGH7.5ten sam vendor

Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.