CVE-2020-5422

Summary

BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).

Affected Software

VendorProductVersion RangeStatus
Cloud FoundryBOSH System Metrics ServerAll < 0.1.0affected

Weaknesses

  • CWE-214: CWE-214: Invocation of Process Using Visible Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

References