CVE-2019-3790
Ops Manager uaa client issues tokens after refresh token expiration
Severity Score
Exploit Likelihood
Affected Versions
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2019-01-03 CVE Reserved
- 2019-06-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-324: Use of a Key Past its Expiration Date
- CWE-613: Insufficient Session Expiration
CAPEC
References (2)
URL | Tag / Date | Source
---|---|---
http://www.securityfocus.com/bid/108512 | Third Party Advisory |
https://pivotal.io/security/cve-2019-3790 | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Pivotal Software | Operations Manager | >= 2.2.0 < 2.2.23 | - | Affected
Pivotal Software | Operations Manager | >= 2.3.0 < 2.3.16 | - | Affected
Pivotal Software | Operations Manager | >= 2.4.0 < 2.4.11 | - | Affected
Pivotal Software | Operations Manager | >= 2.5.0 < 2.5.3 | - | Affected