DellCVELIST:CVE-2018-15800CVE-2018-15800 Timing attack allows extraction of signing key in Bits Service
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.6%
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
CNA Affected
[
{
"product": "Bits Service Release",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
]References
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.6%