PT-2018-13211 · Pivotal · Credhub Service Broker

Publicado

2018-11-13

Atualizado

2019-10-09

CVE-2018-15795

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Pivotal CredHub Service Broker versions prior to 1.1.0

Description The issue concerns the use of a guessable form of random number generation in creating the service broker's UAA client. This allows a remote malicious user to potentially guess the client secret, which could then be used to obtain or modify credentials for users of the CredHub Service.

Recommendations For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-338

Identificadores relacionados

CVE-2018-15795

GHSA-Q3JG-4C82-J4XH

Produtos afetados

Credhub Service Broker

PT-2018-13211 · Pivotal · Credhub Service Broker

CVE-2018-15795

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6