CVE-2018-15795

HIGH

Pivotal CredHub Service Broker <1.1.0 - Info Disclosure

Title source: llm

Description

Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.

References (2)

[Mitigation, Vendor Advisory] https://pivotal.io/security/cve-2018-15795

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105915

Scores

CVSS v3 8.1

EPSS 0.0036

EPSS Percentile 57.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Details

CWE

CWE-338

Status published

Products (2)

org.springframework.credhub/spring-credhub-core 0 - 1.1.0Maven

pivotal_software/credhub_service_broker < 1.1.0

Published Nov 13, 2018

Tracked Since Feb 18, 2026