MidnightBSD

Advisories for signalsciences

CVE-2019-3800 LOW

CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the CLI config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

CVSS 2.0

Severity: LOW

Problem Type: CWE-522, CWE-200

Products Affected

Vendor Product Version
anynines elasticsearch *
pivotal cloud_foundry_command_line_interface_release *
google google_cloud_platform_service_broker *
ibm websphere_liberty_ *
samba volume_service *
pivotal cloud_foundry_command_line_interface *
snyk service_broker *
synopsys seeker_iast_service_broker *
sumologic nozzle *
anynines logme *
anynines redis *
microsoft azure_service_broker *
newrelic service_broker *
apigee edge_service_broker *
contrastsecurity service_broker *
pivotal cloud_foundry_routing_release *
signalsciences service_broker *
dynatrace service_broker *
pivotal cloud_foundry_smoke_test *
appdynamics application_performance_monitoring *
pivotal application_service *
pivotal credhub_service_broker_for_pcf *
pivotal cloud_foundry_healthwatch *
riverbed steelcentral_appinternals *
newrelic nozzle *
datastax enterprise_service_broker *
appdynamics application_analytics *
appdynamics platform_montioring *
tibco businessworks_buildpack *
pivotal metric_registrar_release *
pivotal cloud_foundry_deployment_concourse_tasks *
anynines postgresql *
solace pubsub+ *
pivotal cloud_foundry_event_alerts *
datadoghq application_monitoring *
microsoft azure_log_analytics_nozzle *
yugabyte db_enterprise *
pivotal on_demand_service_broker *
anynines mongodb *
newrelic dotnet_extension_buildpack *
pivotal cloud_foundry_networking_release *
splunk nozzle *
bluemedora nozzle *
cyberark conjur_service_broker *
pivotal cloud_foundry_log_cache_release *
pivotal pivotal_cloud_foundry_service_broker *
pivotal cloud_foundry_deployment *
pivotal cloud_foundry_autoscaling_release *
pivotal cloud_foundry_notifications *
anynines rabbitmq *
wavefront wavefront_by_vmware_nozzle *
forgerock service_broker *
anynines mysql *
pivotal single_sign-on *
pagerduty service_broker *