Maven package
org.springframework.credhub/spring-credhub-core
pkg:maven/org.springframework.credhub/spring-credhub-core
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-15795 | Hig | 8.1 | < 1.1.0 | 1.1.0 | Nov 13, 2018 | Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service. |
- affected < 1.1.0fixed 1.1.0
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.