
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Jul 2022 — This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. • https://github.com/snyk/broker/commit/90e0bac07a800b7c4c6646097c9c89d6b878b429 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 • EPSS: 0% • CPEs: 60 • EXPL: 0

05 Aug 2019 — CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the CLI's config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. • https://pivotal.io/security/cve-2019-3800 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-522: Insufficiently Protected Credentials