Unrated severityNVD Advisory· Published Nov 9, 2018· Updated Sep 16, 2024
Signing Key Extraction in Bits Service Release
CVE-2018-15796
Description
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.14.0
- Cloud Foundry/bits-service-releasev5Range: all versions
Patches
Vulnerability mechanics
References
1- www.cloudfoundry.org/blog/cve-2018-15796mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.