2019-08-05
|
CVE-2019-3800
|
CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the CLI's config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
|
Elasticsearch, Logme, Mongodb, Mysql, Postgresql, Rabbitmq, Redis, Edge_service_broker, Application_analytics, Application_performance_monitoring, Platform_montioring, Nozzle, Service_broker, Conjur_service_broker, Application_monitoring, Enterprise_service_broker, Service_broker, Service_broker, Google_cloud_platform_service_broker, Websphere_liberty_, Azure_log_analytics_nozzle, Azure_service_broker, Dotnet_extension_buildpack, Nozzle, Service_broker, Service_broker, Application_service, Cloud_foundry_autoscaling_release, Cloud_foundry_command_line_interface, Cloud_foundry_command_line_interface_release, Cloud_foundry_deployment, Cloud_foundry_deployment_concourse_tasks, Cloud_foundry_event_alerts, Cloud_foundry_healthwatch, Cloud_foundry_log_cache_release, Cloud_foundry_networking_release, Cloud_foundry_notifications, Cloud_foundry_routing_release, Cloud_foundry_smoke_test, Credhub_service_broker_for_pcf, Metric_registrar_release, On_demand_service_broker, Pivotal_cloud_foundry_service_broker, Single_sign-On, Steelcentral_appinternals, Volume_service, Service_broker, Service_broker, Pubsub+, Nozzle, Nozzle, Seeker_iast_service_broker, Businessworks_buildpack, Wavefront_by_vmware_nozzle, Db_enterprise
|
7.8
|
|
|