Описание
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
Ссылки
- MitigationVendor Advisory
- MitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.18.0 (исключая)
cpe:2.3:a:cloud_foundry:bits_service:*:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00292
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 6.8
github
больше 3 лет назад
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
EPSS
Процентиль: 52%
0.00292
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-200