CVE-2018-15796
8.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cloud Foundry | bits-service-release | all versions < 2.14.0 | affected |
Weaknesses
- Weak Cryptography
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.