Security Advisory

CVE-2020-5422

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-10-02 17:10:12

Last updated 2024-09-17 04:25:30

Assigner pivotal

State PUBLISHED

Description

BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).

← Browse all CVEs View on cve.org ↗