Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/blog/cve-2018-15796 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-11-09 22:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-15796
Mitre link : CVE-2018-15796
CVE.ORG link : CVE-2018-15796
JSON object : View
Products Affected
pivotal_software
- bits_service
CWE
CWE-326
Inadequate Encryption Strength