CVE-2020-5422

EPSS 0.91%
Veröffentlicht 02.10.2020 17:15:12
Zuletzt bearbeitet 21.11.2024 05:34:08
Quelle security@pivotal.io
CVE-Watchlists
Login
Unerledigt
Login

UAA password may appear in BOSH System Metrics Server process arguments

BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloud Foundry ≫ Bosh System Metrics Server Version < 0.1.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.91%	0.551

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-214 Invocation of Process Using Visible Sensitive Information

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://www.cloudfoundry.org/blog/cve-2020-5422

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-5422

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5422

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-5422

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-5422