CVE-2018-15796
Signing Key Extraction in Bits Service Release
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Productos afectados
Cloud Foundry · bits-service-release¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →