VYPR

BOSH System Metrics Server

by Cloudfoundry

CVEs (1)

  • CVE-2020-5422Oct 2, 2020
    risk 0.00cvss epss 0.01

    BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).