BOSH System Metrics Server releases before 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cloud foundry bosh system metrics server |