CVE-2020-5422 Vulnerability Details


CVE-2020-5422 Metadata Quick Info

CVE Published: 02/10/2020 | CVE Updated: 17/09/2024 | CVE Year: 2020
Source: pivotal | Vendor: Cloud Foundry | Product: BOSH System Metrics Server
Status: PUBLISHED

CVE-2020-5422 Description

BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. This exposed the password to any user or process with access to the same VM (through ps or by looking at process details).

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-214
CWE Name: CWE-214: Invocation of Process Using Visible Sensitive Information
Source: Cloud Foundry

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).