Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-5422
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
UAA password may appear in BOSH System Metrics Server process arguments
Source: NVD (National Vulnerability Database)
Vulnerability Description
BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过处理环境导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
BOSH System Metrics Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
bosh system metrics server是 BOSH System Metrics Server 0.1.0之前版本存在安全漏洞,该漏洞源于暴露了UAA密码作为进程运行在国旗波什导演。它暴露了密码的任何用户或进程访问同一个VM(通过ps或查看流程细节)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Cloud FoundryBOSH System Metrics Server All ~ 0.1.0 -
II. Public POCs for CVE-2020-5422
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2020-5422
Please Login to view more intelligence information
New Vulnerabilities
Vendor: Cloud Foundry
Same weakness: CWE-214
V. Comments for CVE-2020-5422

No comments yet

Leave a comment