Vulnerabilities (CVE)

Filtered by vendor Cloud Foundry Subscribe
Filtered by product Bosh System Metrics Server
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-5422 1 Cloud Foundry 1 Bosh System Metrics Server 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).