MidnightBSD

Advisories for bluemedora

CVE-2019-3800 LOW

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-200,

Products Affected

Vendor Product Version
pivotal single_sign-on *
apigee edge_service_broker *
anynines elasticsearch *
microsoft azure_service_broker *
pivotal cloud_foundry_command_line_interface *
pivotal application_service *
pivotal cloud_foundry_command_line_interface_release *
pivotal cloud_foundry_deployment_concourse_tasks *
forgerock service_broker *
anynines logme *
anynines redis *
pivotal cloud_foundry_log_cache_release *
pivotal metric_registrar_release *
pivotal credhub_service_broker_for_pcf *
pivotal cloud_foundry_smoke_test *
pivotal cloud_foundry_event_alerts *
anynines mongodb *
ibm websphere_liberty_ *
wavefront wavefront_by_vmware_nozzle *
appdynamics application_performance_monitoring *
google google_cloud_platform_service_broker *
solace pubsub+ *
anynines rabbitmq *
anynines mysql *
tibco businessworks_buildpack *
snyk service_broker *
anynines postgresql *
pivotal cloud_foundry_routing_release *
riverbed steelcentral_appinternals *
datadoghq application_monitoring *
newrelic dotnet_extension_buildpack *
appdynamics application_analytics *
appdynamics platform_montioring *
pivotal cloud_foundry_notifications *
pivotal pivotal_cloud_foundry_service_broker *
cyberark conjur_service_broker *
sumologic nozzle *
dynatrace service_broker *
pivotal cloud_foundry_deployment *
pivotal cloud_foundry_networking_release *
newrelic service_broker *
splunk nozzle *
newrelic nozzle *
microsoft azure_log_analytics_nozzle *
synopsys seeker_iast_service_broker *
signalsciences service_broker *
yugabyte db_enterprise *
datastax enterprise_service_broker *
pivotal cloud_foundry_autoscaling_release *
pivotal cloud_foundry_healthwatch *
contrastsecurity service_broker *
pagerduty service_broker *
samba volume_service *
pivotal on_demand_service_broker *
bluemedora nozzle *