CVE-2020-5422: UAA password may appear in BOSH System Metrics Server process arguments

Vendor: Cloud Foundry
Product: BOSH System Metrics Server
Weakness: CWE-214
Published: October 2, 2020
Last update: September 17, 2024

What the vulnerability does

01 Description

BOSH System Metrics Server releases prior to 0.1.0 passed the UAA password as a command-line flag to a process running on the BOSH director. This exposed the password to any user or process with access to the same VM, for example through ps or by looking at process details.

Key dates

02 Disclosure timeline

October 2, 2020: CVE published
September 17, 2024: Record updated