Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/blog/cve-2018-15796 | Vendor Advisory |
https://www.cloudfoundry.org/blog/cve-2018-15796 | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cloudfoundry.org/blog/cve-2018-15796 - Vendor Advisory |
Information
Published : 2018-11-09 22:29
Updated : 2024-11-21 03:51
NVD link : CVE-2018-15796
Mitre link : CVE-2018-15796
CVE.ORG link : CVE-2018-15796
JSON object : View
Products Affected
pivotal_software
- bits_service
CWE
CWE-326
Inadequate Encryption Strength