HIGH🇵🇱 Wersja polska

CVE-2018-15800

CVSS 8.1v3.0pub. 2018-12-10upd. 2024-11-21

Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • Cloud Foundry Bits Service

    APP
    Cloud Foundry
    < 2.18.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-11271HIGH7.8ten sam vendor

Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact cre...

CVE-2018-11083HIGH8.1ten sam vendor

Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and...

CVE-2017-4961HIGH8.8ten sam vendor

An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x v...

CVE-2016-3091HIGH7.5ten sam vendor

Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.

CVE-2026-41009MEDIUM4.3ten sam vendor

When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by A...