Search criteria
6 vulnerabilities found for cloud_foundry_deployment by pivotal
FKIE_CVE-2023-34061
Vulnerability from fkie_nvd - Published: 2024-01-12 07:15 - Updated: 2025-06-03 14:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pivotal | cloud_foundry_deployment | * | |
| pivotal | cloud_foundry_routing_release | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_deployment:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E860CEF6-3AB5-4ADF-B1A6-4D05A5F5390B",
"versionEndIncluding": "33.5.0",
"versionStartIncluding": "0.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_routing_release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66D0AA37-1922-486B-86C9-59E96F1B6E1E",
"versionEndIncluding": "0.283.0",
"versionStartIncluding": "0.163.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\n\n\n\n"
},
{
"lang": "es",
"value": "Las versiones de enrutamiento de Cloud Foundry desde v0.163.0 hasta v0.283.0 son vulnerables a un ataque de DOS. Un atacante no autenticado puede utilizar esta vulnerabilidad para forzar la poda de rutas y, por lo tanto, degradar la disponibilidad del servicio de la implementaci\u00f3n de Cloud Foundry."
}
],
"id": "CVE-2023-34061",
"lastModified": "2025-06-03T14:15:29.037",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-12T07:15:11.747",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2019-3800
Vulnerability from fkie_nvd - Published: 2019-08-05 17:15 - Updated: 2024-11-21 04:42
Severity ?
6.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_command_line_interface:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4FD32DF-0EF0-4CDA-992A-FFD404A05AB2",
"versionEndExcluding": "6.45.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_command_line_interface_release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04F8E5C0-449F-4E58-9113-A95D0A5E4F86",
"versionEndExcluding": "1.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_deployment:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13D840EB-A220-4C25-8B72-3506ADB08A7E",
"versionEndExcluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_deployment_concourse_tasks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90B6B206-94FC-4C78-9934-671FD9F48899",
"versionEndExcluding": "9.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_log_cache_release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC091EB-B582-4AA6-8C03-AC22248446EB",
"versionEndExcluding": "2.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_networking_release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "652F9F32-36BA-4746-B1E4-8349E90EFD13",
"versionEndExcluding": "2.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_notifications:*:*:*:*:*:*:*:*",
"matchCriteriaId": "949C15FF-9BBC-4505-AE49-D6846A2B6EEB",
"versionEndExcluding": "58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_routing_release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD6293D-319B-4F5B-A53E-45327F874782",
"versionEndExcluding": "0.189.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_smoke_test:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0CC085B-863D-49F7-BDC6-000E0DFCF28B",
"versionEndExcluding": "40.0.113",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCA35BC9-394D-4ABB-9DA5-C167945D1A13",
"versionEndExcluding": "2.3.14",
"versionStartIncluding": "2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B921F25-9042-4FBD-B739-1EA2FE65DC94",
"versionEndExcluding": "2.4.10",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30EDADC2-4D9D-4271-BEAF-7CF3A3C0DB74",
"versionEndExcluding": "2.5.6",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_autoscaling_release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91C32CE6-5C18-40E9-9608-D15BB4E24788",
"versionEndExcluding": "219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_event_alerts:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2B204A-4EA4-44A3-B27B-3336D1A9FBFB",
"versionEndExcluding": "1.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_healthwatch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71BC43B2-F5C3-4AFD-990F-19D364F7781E",
"versionEndExcluding": "1.4.7",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:cloud_foundry_healthwatch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED64D8C0-E124-459B-A377-71CEFF182DFD",
"versionEndExcluding": "1.5.4",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:credhub_service_broker_for_pcf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1AAA37-B13F-4DBE-B2C0-3A0410C9DD3A",
"versionEndExcluding": "1.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:metric_registrar_release:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B072EBB3-FED0-4468-A9E8-5B6E2B329D3A",
"versionEndExcluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:on_demand_service_broker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA8C62A2-4B4C-40D8-8E64-6B5BC06D93BD",
"versionEndExcluding": "0.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:pivotal_cloud_foundry_service_broker:*:*:*:*:*:aws:*:*",
"matchCriteriaId": "6BCC700B-731F-42F6-9675-59C3AFC4DF33",
"versionEndExcluding": "1.4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*",
"matchCriteriaId": "94632FE3-6B3C-43A6-9DC7-166A7CC909F5",
"versionEndExcluding": "1.7.5",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*",
"matchCriteriaId": "7862820E-B6FD-4820-BB47-2983D7465BC4",
"versionEndExcluding": "1.8.4",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*",
"matchCriteriaId": "CF89202E-09F7-4311-A667-3CBD066156D4",
"versionEndExcluding": "1.9.1",
"versionStartIncluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:anynines:elasticsearch:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "8CDB4E4C-A0C8-4335-8EE3-1A15876CB32D",
"versionEndExcluding": "2.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:anynines:logme:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "E23C5203-CEBC-4E0A-AC84-2AC8E1568F71",
"versionEndExcluding": "2.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:anynines:mongodb:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "2AB2AFD4-8989-4A6E-9D4B-631D53CFE0D6",
"versionEndExcluding": "2.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:anynines:mysql:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "9CCC2276-21BD-46EF-8AFD-42E5067448F0",
"versionEndExcluding": "2.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:anynines:postgresql:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "A304D180-9C7F-4748-B891-56B4913ED853",
"versionEndExcluding": "2.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:anynines:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "1CA8DFF1-40F0-4311-BA6E-ACEB67F58622",
"versionEndExcluding": "2.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:anynines:redis:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "E002C51E-F5ED-4232-B756-995ABEED1DC2",
"versionEndExcluding": "2.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apigee:edge_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "0438F2AA-B66E-4AE8-AACC-8D7FF57F18D7",
"versionEndExcluding": "3.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appdynamics:application_analytics:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "D53361F1-DE54-4808-B1B5-56149BABD9DA",
"versionEndExcluding": "4.7.652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appdynamics:application_performance_monitoring:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "44473CD4-1DF6-48EF-B317-12BD36BFF420",
"versionEndExcluding": "4.6.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appdynamics:platform_montioring:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "4DD01FBD-0F69-4793-8343-E5B735171C9B",
"versionEndExcluding": "4.7.712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluemedora:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "ACA4480D-2A59-4DA8-A144-7EB97A570BFF",
"versionEndExcluding": "3.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contrastsecurity:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "AEC4F727-7085-4C7C-A0A8-EC77E0C6E89F",
"versionEndExcluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cyberark:conjur_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "CF0261DA-818C-46D5-93F6-AB77154C47F1",
"versionEndExcluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:datadoghq:application_monitoring:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "32C06495-7CB3-4FF5-AA1F-5F2882FD5206",
"versionEndExcluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:datastax:enterprise_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "AEF84CBA-E099-41AD-8B3C-D3603C409810",
"versionEndExcluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dynatrace:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "16849497-DD68-4C1B-BFCB-91904F2F36B5",
"versionEndExcluding": "1.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forgerock:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "E996866D-CEE3-4C0C-9011-A62BC94C4ECF",
"versionEndExcluding": "2.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:google_cloud_platform_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "C1F611B8-B347-4AEF-9479-80C8AC8457E1",
"versionEndExcluding": "4.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_liberty_:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "F9339579-1F54-4065-B5A8-C51EA9D5CF6E",
"versionEndExcluding": "3.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_log_analytics_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "4F38E12C-5675-4290-BE46-11F2768AABF1",
"versionEndExcluding": "1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "BE11B12D-E020-4411-A85E-589F813894E7",
"versionEndExcluding": "1.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:newrelic:dotnet_extension_buildpack:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "F861138B-93A0-4E61-9205-B1505AD02C1D",
"versionEndExcluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:newrelic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "5EE16E5F-6078-4293-B0F1-020D6AF79105",
"versionEndExcluding": "1.1.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:newrelic:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "436B6156-3CFA-42E8-8B8D-A142B43E1680",
"versionEndExcluding": "1.12.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pagerduty:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "9D1ACC13-1833-44B9-9629-6E149A61395A",
"versionEndExcluding": "1.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:riverbed:steelcentral_appinternals:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "CCE2DA38-E945-41EE-A11E-C0B23BCFB89C",
"versionEndExcluding": "10.21.1-bl516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:volume_service:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "BEF05596-F907-4DF6-BB67-69A6171C53A0",
"versionEndExcluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signalsciences:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "6F399A62-9A6F-442B-AB45-7C0BE9F5B5AF",
"versionEndExcluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:snyk:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "40D76AE1-283E-457F-B7B4-3DB57A1ED4F8",
"versionEndExcluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:solace:pubsub\\+:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "74F25242-39A9-4FB0-9929-07D27C67606A",
"versionEndExcluding": "2.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "77591548-6E7E-414F-B4BE-14399AE18CE4",
"versionEndExcluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sumologic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "AA182A4D-BB7B-4EC1-B764-B74BC56D4D7E",
"versionEndExcluding": "1.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synopsys:seeker_iast_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "65756938-5D6D-431A-93BD-107604C196EB",
"versionEndExcluding": "1.2.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:businessworks_buildpack:*:*:*:*:container:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "1807AAE6-8F92-4A21-8836-D3C61DC58B54",
"versionEndExcluding": "2.4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wavefront:wavefront_by_vmware_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "66C6C1F0-17EC-47CD-BF12-30F5F6B60BF3",
"versionEndExcluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yugabyte:db_enterprise:*:*:*:*:*:pivotal_cloud_foundry:*:*",
"matchCriteriaId": "78C34123-DE82-42BB-BD94-A8311E32A040",
"versionEndExcluding": "1.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
},
{
"lang": "es",
"value": "La CLI de CF anterior a versi\u00f3n v6.45.0 (versi\u00f3n de lanzamiento bosh 1.16.0), escribe el id y el secreto del cliente hacia su archivo de configuraci\u00f3n cuando el usuario se autentica con el flag --client-credentials. Un usuario malicioso autenticado local con acceso al archivo de configuraci\u00f3n de la CLI de CF puede actuar como ese cliente, quien es el propietario de las credenciales filtradas."
}
],
"id": "CVE-2019-3800",
"lastModified": "2024-11-21T04:42:33.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 3.7,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-05T17:15:10.960",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2019-3800"
},
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2019-3800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-34061 (GCVE-0-2023-34061)
Vulnerability from cvelistv5 – Published: 2024-01-12 07:01 – Updated: 2025-06-03 14:05
VLAI?
Summary
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cloud Foundry | Routing Release |
Affected:
0.163.0 , < 0.284.0
(0.284.0)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:53.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34061",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:10:19.266378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:05:36.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Routing Release",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "0.284.0",
"status": "affected",
"version": "0.163.0",
"versionType": "0.284.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CF deployment",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "33.6.0",
"status": "affected",
"version": "0.28.0",
"versionType": "33.6.0"
}
]
}
],
"datePublic": "2023-12-07T14:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T07:01:49.532Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-34061 \u2013 Gorouter route pruning",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34061",
"datePublished": "2024-01-12T07:01:49.532Z",
"dateReserved": "2023-05-25T17:21:56.204Z",
"dateUpdated": "2025-06-03T14:05:36.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3800 (GCVE-0-2019-3800)
Vulnerability from cvelistv5 – Published: 2019-08-05 16:38 – Updated: 2024-09-17 04:29
VLAI?
Summary
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
Severity ?
6.3 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cloud Foundry | CF CLI Release |
Affected:
v1.x before v1.16.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CF CLI Release",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "v1.x before v1.16.0"
}
]
},
{
"product": "CF CLI",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "versions prior to v6.45.0"
}
]
}
],
"datePublic": "2019-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-05T16:38:20",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3800"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CF CLI writes the client id and secret to config file",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-07-18T00:00:00.000Z",
"ID": "CVE-2019-3800",
"STATE": "PUBLIC",
"TITLE": "CF CLI writes the client id and secret to config file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CF CLI Release",
"version": {
"version_data": [
{
"version_value": "v1.x before v1.16.0"
}
]
}
},
{
"product_name": "CF CLI",
"version": {
"version_data": [
{
"version_value": "versions prior to v6.45.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-3800",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"name": "https://pivotal.io/security/cve-2019-3800",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3800"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3800",
"datePublished": "2019-08-05T16:38:20.424541Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T04:29:08.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34061 (GCVE-0-2023-34061)
Vulnerability from nvd – Published: 2024-01-12 07:01 – Updated: 2025-06-03 14:05
VLAI?
Summary
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cloud Foundry | Routing Release |
Affected:
0.163.0 , < 0.284.0
(0.284.0)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:53.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34061",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:10:19.266378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:05:36.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Routing Release",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "0.284.0",
"status": "affected",
"version": "0.163.0",
"versionType": "0.284.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CF deployment",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "33.6.0",
"status": "affected",
"version": "0.28.0",
"versionType": "33.6.0"
}
]
}
],
"datePublic": "2023-12-07T14:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T07:01:49.532Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-34061 \u2013 Gorouter route pruning",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34061",
"datePublished": "2024-01-12T07:01:49.532Z",
"dateReserved": "2023-05-25T17:21:56.204Z",
"dateUpdated": "2025-06-03T14:05:36.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3800 (GCVE-0-2019-3800)
Vulnerability from nvd – Published: 2019-08-05 16:38 – Updated: 2024-09-17 04:29
VLAI?
Summary
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
Severity ?
6.3 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cloud Foundry | CF CLI Release |
Affected:
v1.x before v1.16.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CF CLI Release",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "v1.x before v1.16.0"
}
]
},
{
"product": "CF CLI",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "versions prior to v6.45.0"
}
]
}
],
"datePublic": "2019-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-05T16:38:20",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3800"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CF CLI writes the client id and secret to config file",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-07-18T00:00:00.000Z",
"ID": "CVE-2019-3800",
"STATE": "PUBLIC",
"TITLE": "CF CLI writes the client id and secret to config file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CF CLI Release",
"version": {
"version_data": [
{
"version_value": "v1.x before v1.16.0"
}
]
}
},
{
"product_name": "CF CLI",
"version": {
"version_data": [
{
"version_value": "versions prior to v6.45.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-3800",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"name": "https://pivotal.io/security/cve-2019-3800",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3800"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3800",
"datePublished": "2019-08-05T16:38:20.424541Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T04:29:08.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}