github.com/cloudfoundry-incubator/bits-service is vulnerable to information disclosure. An insecure string comparison function allows a remote attacker to brute-force the signing key by analyzing the process response and determine the signing key to gain full access to the Bits Service storage.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/cloudfoundry-incubator/bits-service | eq | HEAD |