CVE-2020-5422
EUVD-2020-2659002.10.2020, 17:15
BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| cloud_foundry | bosh_system_metrics_server | 𝑥 < 0.1.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-214 - Invocation of Process Using Visible Sensitive InformationA process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.
- CWE-668 - Exposure of Resource to Wrong SphereThe product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.