CVE-2018-15800

Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
References
Link Resource
https://www.cloudfoundry.org/blog/cve-2018-15800 Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cloud_foundry:bits_service:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-12-10 19:29

Updated : 2024-02-04 20:03


NVD link : CVE-2018-15800

Mitre link : CVE-2018-15800

CVE.ORG link : CVE-2018-15800


JSON object : View

Products Affected

cloud_foundry

  • bits_service
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor