Vulnerability Details CVE-2018-15796
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.3%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.5
References
Products affected by CVE-2018-15796
-
cpe:2.3:a:pivotal_software:bits_service:*