Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/blog/cve-2018-15800 | Mitigation Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: dell
Published: 2018-12-06T00:00:00
Updated: 2018-12-10T18:57:01
Reserved: 2018-08-23T00:00:00
Link: CVE-2018-15800
JSON object: View
NVD Information
Status : Modified
Published: 2018-12-10T19:29:25.173
Modified: 2019-10-09T23:35:54.907
Link: CVE-2018-15800
JSON object: View
Redhat Information
No data.
CWE