PT-2018-13211 · Pivotal · Credhub Service Broker

Published

2018-11-13

Updated

2019-10-09

CVE-2018-15795

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Pivotal CredHub Service Broker versions prior to 1.1.0

Description The issue concerns the use of a guessable form of random number generation in creating the service broker's UAA client. This allows a remote malicious user to potentially guess the client secret, which could then be used to obtain or modify credentials for users of the CredHub Service.

Recommendations For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-338

Related Identifiers

CVE-2018-15795

GHSA-Q3JG-4C82-J4XH

Affected Products

Credhub Service Broker

PT-2018-13211 · Pivotal · Credhub Service Broker

CVE-2018-15795

Weakness Enumeration

Related Identifiers

Affected Products

References · 6