Vulnerability Database

CVE-2019-3800

CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the CLI config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, the owner of the leaked credentials.

  • Published: Aug 5, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-3800
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Low
  • Score: 2.1
  • AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

| Software | From | Fixed in |
|---|---|---|
| pivotal / cloud_foundry_notifications | - | 58 |
| pivotal / cloud_foundry_log_cache_release | - | 2.3.1 |
| pivotal / cloud_foundry_deployment_concourse_tasks | - | 9.3.0 |
| pivotal / cloud_foundry_deployment | - | 10.0.0 |
| pivotal / cloud_foundry_smoke_test | - | 40.0.113 |
| pivotal / cloud_foundry_routing_release | - | 0.189.0 |
| pivotal / cloud_foundry_networking_release | - | 2.23.0 |
| pivotal / cloud_foundry_command_line_interface_release | - | 1.16.0 |
| pivotal / cloud_foundry_command_line_interface | - | 6.45.0 |
| pivotal / pivotal_cloud_foundry_service_broker | - | 1.4.13 |
| pivotal / on_demand_service_broker | - | 0.29.0 |
| pivotal / metric_registrar_release | - | 1.2 |
| pivotal / credhub_service_broker_for_pcf | - | 1.3.2 |
| pivotal / cloud_foundry_autoscaling_release | - | 219 |
| pivotal / cloud_foundry_event_alerts | - | 1.2.8 |
| pivotal / application_service | 2.5.0 | 2.5.6 |
| pivotal / application_service | 2.4.0 | 2.4.10 |
| pivotal / application_service | 2.3.0 | 2.3.14 |
| pivotal / cloud_foundry_healthwatch | 1.5.0 | 1.5.4 |
| pivotal / cloud_foundry_healthwatch | 1.4.0 | 1.4.7 |
| pivotal / single_sign-on | 1.9.0 | 1.9.1 |
| pivotal / single_sign-on | 1.8.0 | 1.8.4 |
| pivotal / single_sign-on | 1.7.0 | 1.7.5 |
| apigee / edge_service_broker | - | 3.1.3 |
| newrelic / dotnet_extension_buildpack | - | 1.1.1 |
| microsoft / azure_service_broker | - | 1.4.1 |
| appdynamics / application_analytics | - | 4.7.652 |
| appdynamics / application_performance_monitoring | - | 4.6.64 |
| appdynamics / platform_montioring | - | 4.7.712 |
| bluemedora / nozzle | - | 3.1.1 |
| contrastsecurity / service_broker | - | 2.2.0 |
| cyberark / conjur_service_broker | - | 1.1.1 |
| datadoghq / application_monitoring | - | 1.7.0 |
| datastax / enterprise_service_broker | - | 1.0.2 |
| dynatrace / service_broker | - | 1.4.2 |
| forgerock / service_broker | - | 2.1.2 |
| google / google_cloud_platform_service_broker | - | 4.2.3 |
| ibm / websphere_liberty_ | - | 3.11.0 |
| microsoft / azure_log_analytics_nozzle | - | 1.4.1 |
| newrelic / nozzle | - | 1.1.17 |
| newrelic / service_broker | - | 1.12.64 |
| pagerduty / service_broker | - | 1.2.4 |
| riverbed / steelcentral_appinternals | - | 10.21.1-bl516 |
| signalsciences / service_broker | - | 1.1.0 |
| wavefront / wavefront_by_vmware_nozzle | - | 1.0.2 |
| tibco / businessworks_buildpack | - | 2.4.4 |
| solace / pubsub+ | - | 2.3.2 |
| snyk / service_broker | - | 1.0.3 |
| samba / volume_service | - | 1.1.1 |
| splunk / nozzle | - | 1.1.1 |
| sumologic / nozzle | - | 1.0.1 |
| synopsys / seeker_iast_service_broker | - | 1.2.14 |
| yugabyte / db_enterprise | - | 1.1.8 |
| anynines / elasticsearch | - | 2.1.2 |
| anynines / logme | - | 2.1.2 |
| anynines / mysql | - | 2.1.2 |
| anynines / postgresql | - | 2.1.2 |
| anynines / rabbitmq | - | 2.1.2 |
| anynines / redis | - | 2.1.2 |
| anynines / mongodb | - | 2.1.2 |