VYPR
Unrated severityNVD Advisory· Published Nov 9, 2018· Updated Sep 16, 2024

Signing Key Extraction in Bits Service Release

CVE-2018-15796

Description

Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.