CVE-2019-3800 (GCVE-0-2019-3800)

Vulnerability from cvelistv5 – Published: 2019-08-05 16:38 – Updated: 2024-09-17 04:29
VLAI?
Summary
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
Severity ?
6.3 (Medium)
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CWE
  • CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
Vendor Product Version
Cloud Foundry CF CLI Release Affected: v1.x before v1.16.0
Create a notification for this product.
    Cloud Foundry CF CLI Affected: versions prior to v6.45.0
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2019-3800"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CF CLI Release",
          "vendor": "Cloud Foundry",
          "versions": [
            {
              "status": "affected",
              "version": "v1.x before v1.16.0"
            }
          ]
        },
        {
          "product": "CF CLI",
          "vendor": "Cloud Foundry",
          "versions": [
            {
              "status": "affected",
              "version": "versions prior to v6.45.0"
            }
          ]
        }
      ],
      "datePublic": "2019-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522: Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-05T16:38:20",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2019-3800"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CF CLI  writes the client id and secret to config file",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2019-07-18T00:00:00.000Z",
          "ID": "CVE-2019-3800",
          "STATE": "PUBLIC",
          "TITLE": "CF CLI  writes the client id and secret to config file"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CF CLI Release",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v1.x before v1.16.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CF CLI",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "versions prior to v6.45.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cloud Foundry"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-522: Insufficiently Protected Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cloudfoundry.org/blog/cve-2019-3800",
              "refsource": "CONFIRM",
              "url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
            },
            {
              "name": "https://pivotal.io/security/cve-2019-3800",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2019-3800"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2019-3800",
    "datePublished": "2019-08-05T16:38:20.424541Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T04:29:08.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:cloud_foundry_command_line_interface:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.45.0\", \"matchCriteriaId\": \"D4FD32DF-0EF0-4CDA-992A-FFD404A05AB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:cloud_foundry_command_line_interface_release:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.16.0\", \"matchCriteriaId\": \"04F8E5C0-449F-4E58-9113-A95D0A5E4F86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:cloud_foundry_deployment:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.0\", \"matchCriteriaId\": \"13D840EB-A220-4C25-8B72-3506ADB08A7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:cloud_foundry_deployment_concourse_tasks:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.3.0\", \"matchCriteriaId\": \"90B6B206-94FC-4C78-9934-671FD9F48899\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:cloud_foundry_log_cache_release:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.3.1\", \"matchCriteriaId\": \"6FC091EB-B582-4AA6-8C03-AC22248446EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:cloud_foundry_networking_release:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.23.0\", \"matchCriteriaId\": \"652F9F32-36BA-4746-B1E4-8349E90EFD13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:cloud_foundry_notifications:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"58\", \"matchCriteriaId\": \"949C15FF-9BBC-4505-AE49-D6846A2B6EEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:cloud_foundry_routing_release:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.189.0\", \"matchCriteriaId\": \"6BD6293D-319B-4F5B-A53E-45327F874782\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:cloud_foundry_smoke_test:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"40.0.113\", \"matchCriteriaId\": \"B0CC085B-863D-49F7-BDC6-000E0DFCF28B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.3.0\", \"versionEndExcluding\": \"2.3.14\", \"matchCriteriaId\": \"DCA35BC9-394D-4ABB-9DA5-C167945D1A13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.4.0\", \"versionEndExcluding\": \"2.4.10\", \"matchCriteriaId\": \"5B921F25-9042-4FBD-B739-1EA2FE65DC94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.5.0\", \"versionEndExcluding\": \"2.5.6\", \"matchCriteriaId\": \"30EDADC2-4D9D-4271-BEAF-7CF3A3C0DB74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:cloud_foundry_autoscaling_release:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"219\", \"matchCriteriaId\": \"91C32CE6-5C18-40E9-9608-D15BB4E24788\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:cloud_foundry_event_alerts:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2.8\", \"matchCriteriaId\": \"DA2B204A-4EA4-44A3-B27B-3336D1A9FBFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:cloud_foundry_healthwatch:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.4.0\", \"versionEndExcluding\": \"1.4.7\", \"matchCriteriaId\": \"71BC43B2-F5C3-4AFD-990F-19D364F7781E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:cloud_foundry_healthwatch:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.5.0\", \"versionEndExcluding\": \"1.5.4\", \"matchCriteriaId\": \"ED64D8C0-E124-459B-A377-71CEFF182DFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:credhub_service_broker_for_pcf:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.3.2\", \"matchCriteriaId\": \"EB1AAA37-B13F-4DBE-B2C0-3A0410C9DD3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:metric_registrar_release:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2\", \"matchCriteriaId\": \"B072EBB3-FED0-4468-A9E8-5B6E2B329D3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:on_demand_service_broker:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.29.0\", \"matchCriteriaId\": \"DA8C62A2-4B4C-40D8-8E64-6B5BC06D93BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:pivotal_cloud_foundry_service_broker:*:*:*:*:*:aws:*:*\", \"versionEndExcluding\": \"1.4.13\", \"matchCriteriaId\": \"6BCC700B-731F-42F6-9675-59C3AFC4DF33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*\", \"versionStartIncluding\": \"1.7.0\", \"versionEndExcluding\": \"1.7.5\", \"matchCriteriaId\": \"94632FE3-6B3C-43A6-9DC7-166A7CC909F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*\", \"versionStartIncluding\": \"1.8.0\", \"versionEndExcluding\": \"1.8.4\", \"matchCriteriaId\": \"7862820E-B6FD-4820-BB47-2983D7465BC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*\", \"versionStartIncluding\": \"1.9.0\", \"versionEndExcluding\": \"1.9.1\", \"matchCriteriaId\": \"CF89202E-09F7-4311-A667-3CBD066156D4\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:anynines:elasticsearch:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"2.1.2\", \"matchCriteriaId\": \"8CDB4E4C-A0C8-4335-8EE3-1A15876CB32D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:anynines:logme:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"2.1.2\", \"matchCriteriaId\": \"E23C5203-CEBC-4E0A-AC84-2AC8E1568F71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:anynines:mongodb:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"2.1.2\", \"matchCriteriaId\": \"2AB2AFD4-8989-4A6E-9D4B-631D53CFE0D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:anynines:mysql:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"2.1.2\", \"matchCriteriaId\": \"9CCC2276-21BD-46EF-8AFD-42E5067448F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:anynines:postgresql:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"2.1.2\", \"matchCriteriaId\": \"A304D180-9C7F-4748-B891-56B4913ED853\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:anynines:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"2.1.2\", \"matchCriteriaId\": \"1CA8DFF1-40F0-4311-BA6E-ACEB67F58622\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:anynines:redis:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"2.1.2\", \"matchCriteriaId\": \"E002C51E-F5ED-4232-B756-995ABEED1DC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apigee:edge_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"3.1.3\", \"matchCriteriaId\": \"0438F2AA-B66E-4AE8-AACC-8D7FF57F18D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:appdynamics:application_analytics:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"4.7.652\", \"matchCriteriaId\": \"D53361F1-DE54-4808-B1B5-56149BABD9DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:appdynamics:application_performance_monitoring:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"4.6.64\", \"matchCriteriaId\": \"44473CD4-1DF6-48EF-B317-12BD36BFF420\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:appdynamics:platform_montioring:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"4.7.712\", \"matchCriteriaId\": \"4DD01FBD-0F69-4793-8343-E5B735171C9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bluemedora:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"3.1.1\", \"matchCriteriaId\": \"ACA4480D-2A59-4DA8-A144-7EB97A570BFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:contrastsecurity:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"2.2.0\", \"matchCriteriaId\": \"AEC4F727-7085-4C7C-A0A8-EC77E0C6E89F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cyberark:conjur_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.1.1\", \"matchCriteriaId\": \"CF0261DA-818C-46D5-93F6-AB77154C47F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:datadoghq:application_monitoring:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.7.0\", \"matchCriteriaId\": \"32C06495-7CB3-4FF5-AA1F-5F2882FD5206\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:datastax:enterprise_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.0.2\", \"matchCriteriaId\": \"AEF84CBA-E099-41AD-8B3C-D3603C409810\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dynatrace:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.4.2\", \"matchCriteriaId\": \"16849497-DD68-4C1B-BFCB-91904F2F36B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:forgerock:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"2.1.2\", \"matchCriteriaId\": \"E996866D-CEE3-4C0C-9011-A62BC94C4ECF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:google_cloud_platform_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"4.2.3\", \"matchCriteriaId\": \"C1F611B8-B347-4AEF-9479-80C8AC8457E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_liberty_:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"3.11.0\", \"matchCriteriaId\": \"F9339579-1F54-4065-B5A8-C51EA9D5CF6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:azure_log_analytics_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.4.1\", \"matchCriteriaId\": \"4F38E12C-5675-4290-BE46-11F2768AABF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:azure_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.4.1\", \"matchCriteriaId\": \"BE11B12D-E020-4411-A85E-589F813894E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:newrelic:dotnet_extension_buildpack:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.1.1\", \"matchCriteriaId\": \"F861138B-93A0-4E61-9205-B1505AD02C1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:newrelic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.1.17\", \"matchCriteriaId\": \"5EE16E5F-6078-4293-B0F1-020D6AF79105\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:newrelic:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.12.64\", \"matchCriteriaId\": \"436B6156-3CFA-42E8-8B8D-A142B43E1680\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pagerduty:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.2.4\", \"matchCriteriaId\": \"9D1ACC13-1833-44B9-9629-6E149A61395A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:riverbed:steelcentral_appinternals:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"10.21.1-bl516\", \"matchCriteriaId\": \"CCE2DA38-E945-41EE-A11E-C0B23BCFB89C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:volume_service:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.1.1\", \"matchCriteriaId\": \"BEF05596-F907-4DF6-BB67-69A6171C53A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:signalsciences:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.1.0\", \"matchCriteriaId\": \"6F399A62-9A6F-442B-AB45-7C0BE9F5B5AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:snyk:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.0.3\", \"matchCriteriaId\": \"40D76AE1-283E-457F-B7B4-3DB57A1ED4F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solace:pubsub\\\\+:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"2.3.2\", \"matchCriteriaId\": \"74F25242-39A9-4FB0-9929-07D27C67606A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:splunk:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.1.1\", \"matchCriteriaId\": \"77591548-6E7E-414F-B4BE-14399AE18CE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sumologic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.0.1\", \"matchCriteriaId\": \"AA182A4D-BB7B-4EC1-B764-B74BC56D4D7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:synopsys:seeker_iast_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.2.14\", \"matchCriteriaId\": \"65756938-5D6D-431A-93BD-107604C196EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:businessworks_buildpack:*:*:*:*:container:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"2.4.4\", \"matchCriteriaId\": \"1807AAE6-8F92-4A21-8836-D3C61DC58B54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wavefront:wavefront_by_vmware_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.0.2\", \"matchCriteriaId\": \"66C6C1F0-17EC-47CD-BF12-30F5F6B60BF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yugabyte:db_enterprise:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionEndExcluding\": \"1.1.8\", \"matchCriteriaId\": \"78C34123-DE82-42BB-BD94-A8311E32A040\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.\"}, {\"lang\": \"es\", \"value\": \"La CLI de CF anterior a versi\\u00f3n v6.45.0 (versi\\u00f3n de lanzamiento bosh 1.16.0),  escribe el id y el secreto del cliente hacia su archivo de configuraci\\u00f3n cuando el usuario se autentica con el flag --client-credentials. Un usuario malicioso autenticado local con acceso al archivo de configuraci\\u00f3n de la CLI de CF puede actuar como ese cliente, quien es el propietario de las credenciales filtradas.\"}]",
      "id": "CVE-2019-3800",
      "lastModified": "2024-11-21T04:42:33.957",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 3.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-08-05T17:15:10.960",
      "references": "[{\"url\": \"https://pivotal.io/security/cve-2019-3800\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.cloudfoundry.org/blog/cve-2019-3800\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://pivotal.io/security/cve-2019-3800\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.cloudfoundry.org/blog/cve-2019-3800\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-3800\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2019-08-05T17:15:10.960\",\"lastModified\":\"2024-11-21T04:42:33.957\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.\"},{\"lang\":\"es\",\"value\":\"La CLI de CF anterior a versi\u00f3n v6.45.0 (versi\u00f3n de lanzamiento bosh 1.16.0),  escribe el id y el secreto del cliente hacia su archivo de configuraci\u00f3n cuando el usuario se autentica con el flag --client-credentials. Un usuario malicioso autenticado local con acceso al archivo de configuraci\u00f3n de la CLI de CF puede actuar como ese cliente, quien es el propietario de las credenciales filtradas.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.0,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_command_line_interface:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.45.0\",\"matchCriteriaId\":\"D4FD32DF-0EF0-4CDA-992A-FFD404A05AB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_command_line_interface_release:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.16.0\",\"matchCriteriaId\":\"04F8E5C0-449F-4E58-9113-A95D0A5E4F86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_deployment:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.0\",\"matchCriteriaId\":\"13D840EB-A220-4C25-8B72-3506ADB08A7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_deployment_concourse_tasks:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.3.0\",\"matchCriteriaId\":\"90B6B206-94FC-4C78-9934-671FD9F48899\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_log_cache_release:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.1\",\"matchCriteriaId\":\"6FC091EB-B582-4AA6-8C03-AC22248446EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_networking_release:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.23.0\",\"matchCriteriaId\":\"652F9F32-36BA-4746-B1E4-8349E90EFD13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_notifications:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"58\",\"matchCriteriaId\":\"949C15FF-9BBC-4505-AE49-D6846A2B6EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_routing_release:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.189.0\",\"matchCriteriaId\":\"6BD6293D-319B-4F5B-A53E-45327F874782\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_smoke_test:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"40.0.113\",\"matchCriteriaId\":\"B0CC085B-863D-49F7-BDC6-000E0DFCF28B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.3.14\",\"matchCriteriaId\":\"DCA35BC9-394D-4ABB-9DA5-C167945D1A13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndExcluding\":\"2.4.10\",\"matchCriteriaId\":\"5B921F25-9042-4FBD-B739-1EA2FE65DC94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5.0\",\"versionEndExcluding\":\"2.5.6\",\"matchCriteriaId\":\"30EDADC2-4D9D-4271-BEAF-7CF3A3C0DB74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_autoscaling_release:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"219\",\"matchCriteriaId\":\"91C32CE6-5C18-40E9-9608-D15BB4E24788\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_event_alerts:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.8\",\"matchCriteriaId\":\"DA2B204A-4EA4-44A3-B27B-3336D1A9FBFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_healthwatch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.4.0\",\"versionEndExcluding\":\"1.4.7\",\"matchCriteriaId\":\"71BC43B2-F5C3-4AFD-990F-19D364F7781E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_healthwatch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.0\",\"versionEndExcluding\":\"1.5.4\",\"matchCriteriaId\":\"ED64D8C0-E124-459B-A377-71CEFF182DFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:credhub_service_broker_for_pcf:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.3.2\",\"matchCriteriaId\":\"EB1AAA37-B13F-4DBE-B2C0-3A0410C9DD3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:metric_registrar_release:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2\",\"matchCriteriaId\":\"B072EBB3-FED0-4468-A9E8-5B6E2B329D3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:on_demand_service_broker:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.29.0\",\"matchCriteriaId\":\"DA8C62A2-4B4C-40D8-8E64-6B5BC06D93BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:pivotal_cloud_foundry_service_broker:*:*:*:*:*:aws:*:*\",\"versionEndExcluding\":\"1.4.13\",\"matchCriteriaId\":\"6BCC700B-731F-42F6-9675-59C3AFC4DF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*\",\"versionStartIncluding\":\"1.7.0\",\"versionEndExcluding\":\"1.7.5\",\"matchCriteriaId\":\"94632FE3-6B3C-43A6-9DC7-166A7CC909F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*\",\"versionStartIncluding\":\"1.8.0\",\"versionEndExcluding\":\"1.8.4\",\"matchCriteriaId\":\"7862820E-B6FD-4820-BB47-2983D7465BC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*\",\"versionStartIncluding\":\"1.9.0\",\"versionEndExcluding\":\"1.9.1\",\"matchCriteriaId\":\"CF89202E-09F7-4311-A667-3CBD066156D4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:elasticsearch:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"8CDB4E4C-A0C8-4335-8EE3-1A15876CB32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:logme:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"E23C5203-CEBC-4E0A-AC84-2AC8E1568F71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:mongodb:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"2AB2AFD4-8989-4A6E-9D4B-631D53CFE0D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:mysql:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"9CCC2276-21BD-46EF-8AFD-42E5067448F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:postgresql:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"A304D180-9C7F-4748-B891-56B4913ED853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"1CA8DFF1-40F0-4311-BA6E-ACEB67F58622\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:redis:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"E002C51E-F5ED-4232-B756-995ABEED1DC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apigee:edge_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"3.1.3\",\"matchCriteriaId\":\"0438F2AA-B66E-4AE8-AACC-8D7FF57F18D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:appdynamics:application_analytics:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"4.7.652\",\"matchCriteriaId\":\"D53361F1-DE54-4808-B1B5-56149BABD9DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:appdynamics:application_performance_monitoring:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"4.6.64\",\"matchCriteriaId\":\"44473CD4-1DF6-48EF-B317-12BD36BFF420\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:appdynamics:platform_montioring:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"4.7.712\",\"matchCriteriaId\":\"4DD01FBD-0F69-4793-8343-E5B735171C9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bluemedora:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"3.1.1\",\"matchCriteriaId\":\"ACA4480D-2A59-4DA8-A144-7EB97A570BFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:contrastsecurity:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.2.0\",\"matchCriteriaId\":\"AEC4F727-7085-4C7C-A0A8-EC77E0C6E89F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cyberark:conjur_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.1\",\"matchCriteriaId\":\"CF0261DA-818C-46D5-93F6-AB77154C47F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:datadoghq:application_monitoring:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.7.0\",\"matchCriteriaId\":\"32C06495-7CB3-4FF5-AA1F-5F2882FD5206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:datastax:enterprise_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.0.2\",\"matchCriteriaId\":\"AEF84CBA-E099-41AD-8B3C-D3603C409810\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dynatrace:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"16849497-DD68-4C1B-BFCB-91904F2F36B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:forgerock:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"E996866D-CEE3-4C0C-9011-A62BC94C4ECF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:google_cloud_platform_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"4.2.3\",\"matchCriteriaId\":\"C1F611B8-B347-4AEF-9479-80C8AC8457E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_liberty_:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"3.11.0\",\"matchCriteriaId\":\"F9339579-1F54-4065-B5A8-C51EA9D5CF6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_log_analytics_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.4.1\",\"matchCriteriaId\":\"4F38E12C-5675-4290-BE46-11F2768AABF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.4.1\",\"matchCriteriaId\":\"BE11B12D-E020-4411-A85E-589F813894E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:newrelic:dotnet_extension_buildpack:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.1\",\"matchCriteriaId\":\"F861138B-93A0-4E61-9205-B1505AD02C1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:newrelic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.17\",\"matchCriteriaId\":\"5EE16E5F-6078-4293-B0F1-020D6AF79105\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:newrelic:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.12.64\",\"matchCriteriaId\":\"436B6156-3CFA-42E8-8B8D-A142B43E1680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pagerduty:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.2.4\",\"matchCriteriaId\":\"9D1ACC13-1833-44B9-9629-6E149A61395A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:riverbed:steelcentral_appinternals:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"10.21.1-bl516\",\"matchCriteriaId\":\"CCE2DA38-E945-41EE-A11E-C0B23BCFB89C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:volume_service:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.1\",\"matchCriteriaId\":\"BEF05596-F907-4DF6-BB67-69A6171C53A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:signalsciences:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.0\",\"matchCriteriaId\":\"6F399A62-9A6F-442B-AB45-7C0BE9F5B5AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snyk:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.0.3\",\"matchCriteriaId\":\"40D76AE1-283E-457F-B7B4-3DB57A1ED4F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solace:pubsub\\\\+:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.3.2\",\"matchCriteriaId\":\"74F25242-39A9-4FB0-9929-07D27C67606A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.1\",\"matchCriteriaId\":\"77591548-6E7E-414F-B4BE-14399AE18CE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sumologic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.0.1\",\"matchCriteriaId\":\"AA182A4D-BB7B-4EC1-B764-B74BC56D4D7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synopsys:seeker_iast_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.2.14\",\"matchCriteriaId\":\"65756938-5D6D-431A-93BD-107604C196EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:businessworks_buildpack:*:*:*:*:container:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.4.4\",\"matchCriteriaId\":\"1807AAE6-8F92-4A21-8836-D3C61DC58B54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wavefront:wavefront_by_vmware_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.0.2\",\"matchCriteriaId\":\"66C6C1F0-17EC-47CD-BF12-30F5F6B60BF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yugabyte:db_enterprise:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.8\",\"matchCriteriaId\":\"78C34123-DE82-42BB-BD94-A8311E32A040\"}]}]}],\"references\":[{\"url\":\"https://pivotal.io/security/cve-2019-3800\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cloudfoundry.org/blog/cve-2019-3800\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pivotal.io/security/cve-2019-3800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cloudfoundry.org/blog/cve-2019-3800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.