CVE-2018-15795
Summary
| CVE | CVE-2018-15795 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2018-11-13 14:29:00 UTC |
|---|
| Updated | 2019-10-09 23:35:00 UTC |
|---|
| Description | Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Pivotal Cloud Foundry CredHub Service Broker Predictable Random Number Generator Weakness |
BID |
www.securityfocus.com |
Third Party Advisory, VDB Entry |
| CVE-2018-15795: CredHub Service Broker uses guessable client secret | Security | Pivotal |
CONFIRM |
pivotal.io |
Mitigation, Vendor Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 980948 Java (maven) Security Update for org.springframework.credhub:spring-credhub-core (GHSA-q3jg-4c82-j4xh)
