Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for bosh_system_metrics_server by cloud_foundry
CVE-2020-5422 (GCVE-0-2020-5422)
Vulnerability from cvelistv5 – Published: 2020-10-02 17:10 – Updated: 2024-09-17 04:25
VLAI
Title
UAA password may appear in BOSH System Metrics Server process arguments
Summary
BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).
Severity
No CVSS data available.
CWE
- CWE-214 - Invocation of Process Using Visible Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cloudfoundry.org/blog/cve-2020-5422 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cloud Foundry | BOSH System Metrics Server |
Affected:
All , < 0.1.0
(custom)
|
Date Public
2020-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2020-5422"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BOSH System Metrics Server",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "0.1.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-214",
"description": "CWE-214: Invocation of Process Using Visible Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T17:10:12.000Z",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2020-5422"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "UAA password may appear in BOSH System Metrics Server process arguments",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-10-01T00:00:00.000Z",
"ID": "CVE-2020-5422",
"STATE": "PUBLIC",
"TITLE": "UAA password may appear in BOSH System Metrics Server process arguments"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BOSH System Metrics Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "0.1.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details)."
}
]
},
"impact": null,
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-214: Invocation of Process Using Visible Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2020-5422",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2020-5422"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5422",
"datePublished": "2020-10-02T17:10:12.615Z",
"dateReserved": "2020-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:25:30.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5422 (GCVE-0-2020-5422)
Vulnerability from nvd – Published: 2020-10-02 17:10 – Updated: 2024-09-17 04:25
VLAI
Title
UAA password may appear in BOSH System Metrics Server process arguments
Summary
BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).
Severity
No CVSS data available.
CWE
- CWE-214 - Invocation of Process Using Visible Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cloudfoundry.org/blog/cve-2020-5422 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cloud Foundry | BOSH System Metrics Server |
Affected:
All , < 0.1.0
(custom)
|
Date Public
2020-10-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2020-5422"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BOSH System Metrics Server",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "0.1.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-214",
"description": "CWE-214: Invocation of Process Using Visible Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T17:10:12.000Z",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2020-5422"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "UAA password may appear in BOSH System Metrics Server process arguments",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-10-01T00:00:00.000Z",
"ID": "CVE-2020-5422",
"STATE": "PUBLIC",
"TITLE": "UAA password may appear in BOSH System Metrics Server process arguments"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BOSH System Metrics Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "0.1.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details)."
}
]
},
"impact": null,
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-214: Invocation of Process Using Visible Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2020-5422",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2020-5422"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5422",
"datePublished": "2020-10-02T17:10:12.615Z",
"dateReserved": "2020-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:25:30.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}