Vulnerability CVE-2019-3782


Published: 2019-02-13

Description:
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.

Type: CWE-255 (Credentials Management)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Cloudfoundry -> Credhub cli

References:
http://www.securityfocus.com/bid/107038
https://www.cloudfoundry.org/blog/cve-2019-3782

Copyright 2024, cxsecurity.com

 
