Description
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the Bits Service storage.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 2.14.0 (excluding)
cpe:2.3:a:pivotal_software:bits_service:*:*:*:*:*:*:*:*
EPSS: 0.00438 (percentile: 62%, Low)
CVSS3: 8.1 High
CVSS2: 5.5 Medium
Weaknesses
CWE-326
Related vulnerabilities
CVSS3: 8.1
github
more than 3 years ago
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the Bits Service storage.