MidnightBSD

Advisories for datastax

CVE-2019-3800 LOW

CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the CLI config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

CVSS 2.0

Severity: LOW

Problem Type: CWE-522, CWE-200

Products Affected

Vendor Product Version
pivotal cloud_foundry_command_line_interface *
cyberark conjur_service_broker *
pivotal cloud_foundry_networking_release *
splunk nozzle *
pivotal cloud_foundry_log_cache_release *
anynines logme *
samba volume_service *
tibco businessworks_buildpack *
pivotal cloud_foundry_healthwatch *
newrelic dotnet_extension_buildpack *
datastax enterprise_service_broker *
pivotal application_service *
datadoghq application_monitoring *
appdynamics application_analytics *
forgerock service_broker *
newrelic nozzle *
snyk service_broker *
contrastsecurity service_broker *
apigee edge_service_broker *
solace pubsub+ *
pivotal pivotal_cloud_foundry_service_broker *
pivotal single_sign-on *
dynatrace service_broker *
pivotal cloud_foundry_notifications *
pivotal on_demand_service_broker *
anynines elasticsearch *
pagerduty service_broker *
yugabyte db_enterprise *
anynines rabbitmq *
ibm websphere_liberty_ *
google google_cloud_platform_service_broker *
appdynamics application_performance_monitoring *
pivotal cloud_foundry_event_alerts *
anynines mysql *
newrelic service_broker *
riverbed steelcentral_appinternals *
pivotal credhub_service_broker_for_pcf *
synopsys seeker_iast_service_broker *
pivotal cloud_foundry_routing_release *
anynines redis *
anynines mongodb *
pivotal cloud_foundry_deployment_concourse_tasks *
anynines postgresql *
pivotal cloud_foundry_command_line_interface_release *
appdynamics platform_montioring *
microsoft azure_service_broker *
sumologic nozzle *
pivotal cloud_foundry_deployment *
pivotal cloud_foundry_autoscaling_release *
pivotal cloud_foundry_smoke_test *
wavefront wavefront_by_vmware_nozzle *
signalsciences service_broker *
pivotal metric_registrar_release *
microsoft azure_log_analytics_nozzle *
bluemedora nozzle *