VYPR

Bits Service

by Cloudfoundry

CVEs (2)

  • CVE-2018-15800Dec 10, 2018
    risk 0.00cvss epss 0.01

    Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.

  • CVE-2018-15796Nov 9, 2018
    risk 0.00cvss epss 0.01

    Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the the Bits Service storage.