CVE-2019-3800
CF CLI writes the client id and secret to config file
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
La CLI de CF anterior a versión v6.45.0 (versión de lanzamiento bosh 1.16.0), escribe el id y el secreto del cliente hacia su archivo de configuración cuando el usuario se autentica con el flag --client-credentials. Un usuario malicioso autenticado local con acceso al archivo de configuración de la CLI de CF puede actuar como ese cliente, quien es el propietario de las credenciales filtradas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-03 CVE Reserved
- 2019-08-05 CVE Published
- 2024-04-03 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://pivotal.io/security/cve-2019-3800 | 2019-10-09 | |
| https://www.cloudfoundry.org/blog/cve-2019-3800 | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pivotal Search vendor "Pivotal" | Cloud Foundry Command Line Interface Search vendor "Pivotal" for product "Cloud Foundry Command Line Interface" | < 6.45.0 Search vendor "Pivotal" for product "Cloud Foundry Command Line Interface" and version " < 6.45.0" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Cloud Foundry Command Line Interface Release Search vendor "Pivotal" for product "Cloud Foundry Command Line Interface Release" | < 1.16.0 Search vendor "Pivotal" for product "Cloud Foundry Command Line Interface Release" and version " < 1.16.0" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Cloud Foundry Deployment Search vendor "Pivotal" for product "Cloud Foundry Deployment" | < 10.0.0 Search vendor "Pivotal" for product "Cloud Foundry Deployment" and version " < 10.0.0" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Cloud Foundry Deployment Concourse Tasks Search vendor "Pivotal" for product "Cloud Foundry Deployment Concourse Tasks" | < 9.3.0 Search vendor "Pivotal" for product "Cloud Foundry Deployment Concourse Tasks" and version " < 9.3.0" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Cloud Foundry Log Cache Release Search vendor "Pivotal" for product "Cloud Foundry Log Cache Release" | < 2.3.1 Search vendor "Pivotal" for product "Cloud Foundry Log Cache Release" and version " < 2.3.1" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Cloud Foundry Networking Release Search vendor "Pivotal" for product "Cloud Foundry Networking Release" | < 2.23.0 Search vendor "Pivotal" for product "Cloud Foundry Networking Release" and version " < 2.23.0" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Cloud Foundry Notifications Search vendor "Pivotal" for product "Cloud Foundry Notifications" | < 58 Search vendor "Pivotal" for product "Cloud Foundry Notifications" and version " < 58" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Cloud Foundry Routing Release Search vendor "Pivotal" for product "Cloud Foundry Routing Release" | < 0.189.0 Search vendor "Pivotal" for product "Cloud Foundry Routing Release" and version " < 0.189.0" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Cloud Foundry Smoke Test Search vendor "Pivotal" for product "Cloud Foundry Smoke Test" | < 40.0.113 Search vendor "Pivotal" for product "Cloud Foundry Smoke Test" and version " < 40.0.113" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Application Service Search vendor "Pivotal" for product "Application Service" | >= 2.3.0 < 2.3.14 Search vendor "Pivotal" for product "Application Service" and version " >= 2.3.0 < 2.3.14" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Application Service Search vendor "Pivotal" for product "Application Service" | >= 2.4.0 < 2.4.10 Search vendor "Pivotal" for product "Application Service" and version " >= 2.4.0 < 2.4.10" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Application Service Search vendor "Pivotal" for product "Application Service" | >= 2.5.0 < 2.5.6 Search vendor "Pivotal" for product "Application Service" and version " >= 2.5.0 < 2.5.6" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Cloud Foundry Autoscaling Release Search vendor "Pivotal" for product "Cloud Foundry Autoscaling Release" | < 219 Search vendor "Pivotal" for product "Cloud Foundry Autoscaling Release" and version " < 219" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Cloud Foundry Event Alerts Search vendor "Pivotal" for product "Cloud Foundry Event Alerts" | < 1.2.8 Search vendor "Pivotal" for product "Cloud Foundry Event Alerts" and version " < 1.2.8" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Cloud Foundry Healthwatch Search vendor "Pivotal" for product "Cloud Foundry Healthwatch" | >= 1.4.0 < 1.4.7 Search vendor "Pivotal" for product "Cloud Foundry Healthwatch" and version " >= 1.4.0 < 1.4.7" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Cloud Foundry Healthwatch Search vendor "Pivotal" for product "Cloud Foundry Healthwatch" | >= 1.5.0 < 1.5.4 Search vendor "Pivotal" for product "Cloud Foundry Healthwatch" and version " >= 1.5.0 < 1.5.4" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Credhub Service Broker For Pcf Search vendor "Pivotal" for product "Credhub Service Broker For Pcf" | < 1.3.2 Search vendor "Pivotal" for product "Credhub Service Broker For Pcf" and version " < 1.3.2" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Metric Registrar Release Search vendor "Pivotal" for product "Metric Registrar Release" | < 1.2 Search vendor "Pivotal" for product "Metric Registrar Release" and version " < 1.2" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | On Demand Service Broker Search vendor "Pivotal" for product "On Demand Service Broker" | < 0.29.0 Search vendor "Pivotal" for product "On Demand Service Broker" and version " < 0.29.0" | - |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Pivotal Cloud Foundry Service Broker Search vendor "Pivotal" for product "Pivotal Cloud Foundry Service Broker" | < 1.4.13 Search vendor "Pivotal" for product "Pivotal Cloud Foundry Service Broker" and version " < 1.4.13" | aws |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Single Sign-on Search vendor "Pivotal" for product "Single Sign-on" | >= 1.7.0 < 1.7.5 Search vendor "Pivotal" for product "Single Sign-on" and version " >= 1.7.0 < 1.7.5" | cloud_foundry |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Single Sign-on Search vendor "Pivotal" for product "Single Sign-on" | >= 1.8.0 < 1.8.4 Search vendor "Pivotal" for product "Single Sign-on" and version " >= 1.8.0 < 1.8.4" | cloud_foundry |
Affected
| ||||||
| Pivotal Search vendor "Pivotal" | Single Sign-on Search vendor "Pivotal" for product "Single Sign-on" | >= 1.9.0 < 1.9.1 Search vendor "Pivotal" for product "Single Sign-on" and version " >= 1.9.0 < 1.9.1" | cloud_foundry |
Affected
| ||||||
| Anynines Search vendor "Anynines" | Elasticsearch Search vendor "Anynines" for product "Elasticsearch" | < 2.1.2 Search vendor "Anynines" for product "Elasticsearch" and version " < 2.1.2" | pivotal_cloud_foundry |
Affected
| ||||||
| Anynines Search vendor "Anynines" | Logme Search vendor "Anynines" for product "Logme" | < 2.1.2 Search vendor "Anynines" for product "Logme" and version " < 2.1.2" | pivotal_cloud_foundry |
Affected
| ||||||
| Anynines Search vendor "Anynines" | Mongodb Search vendor "Anynines" for product "Mongodb" | < 2.1.2 Search vendor "Anynines" for product "Mongodb" and version " < 2.1.2" | pivotal_cloud_foundry |
Affected
| ||||||
| Anynines Search vendor "Anynines" | Mysql Search vendor "Anynines" for product "Mysql" | < 2.1.2 Search vendor "Anynines" for product "Mysql" and version " < 2.1.2" | pivotal_cloud_foundry |
Affected
| ||||||
| Anynines Search vendor "Anynines" | Postgresql Search vendor "Anynines" for product "Postgresql" | < 2.1.2 Search vendor "Anynines" for product "Postgresql" and version " < 2.1.2" | pivotal_cloud_foundry |
Affected
| ||||||
| Anynines Search vendor "Anynines" | Rabbitmq Search vendor "Anynines" for product "Rabbitmq" | < 2.1.2 Search vendor "Anynines" for product "Rabbitmq" and version " < 2.1.2" | pivotal_cloud_foundry |
Affected
| ||||||
| Anynines Search vendor "Anynines" | Redis Search vendor "Anynines" for product "Redis" | < 2.1.2 Search vendor "Anynines" for product "Redis" and version " < 2.1.2" | pivotal_cloud_foundry |
Affected
| ||||||
| Apigee Search vendor "Apigee" | Edge Service Broker Search vendor "Apigee" for product "Edge Service Broker" | < 3.1.3 Search vendor "Apigee" for product "Edge Service Broker" and version " < 3.1.3" | pivotal_cloud_foundry |
Affected
| ||||||
| Appdynamics Search vendor "Appdynamics" | Application Analytics Search vendor "Appdynamics" for product "Application Analytics" | < 4.7.652 Search vendor "Appdynamics" for product "Application Analytics" and version " < 4.7.652" | pivotal_cloud_foundry |
Affected
| ||||||
| Appdynamics Search vendor "Appdynamics" | Application Performance Monitoring Search vendor "Appdynamics" for product "Application Performance Monitoring" | < 4.6.64 Search vendor "Appdynamics" for product "Application Performance Monitoring" and version " < 4.6.64" | pivotal_cloud_foundry |
Affected
| ||||||
| Appdynamics Search vendor "Appdynamics" | Platform Montioring Search vendor "Appdynamics" for product "Platform Montioring" | < 4.7.712 Search vendor "Appdynamics" for product "Platform Montioring" and version " < 4.7.712" | pivotal_cloud_foundry |
Affected
| ||||||
| Bluemedora Search vendor "Bluemedora" | Nozzle Search vendor "Bluemedora" for product "Nozzle" | < 3.1.1 Search vendor "Bluemedora" for product "Nozzle" and version " < 3.1.1" | pivotal_cloud_foundry |
Affected
| ||||||
| Contrastsecurity Search vendor "Contrastsecurity" | Service Broker Search vendor "Contrastsecurity" for product "Service Broker" | < 2.2.0 Search vendor "Contrastsecurity" for product "Service Broker" and version " < 2.2.0" | pivotal_cloud_foundry |
Affected
| ||||||
| Cyberark Search vendor "Cyberark" | Conjur Service Broker Search vendor "Cyberark" for product "Conjur Service Broker" | < 1.1.1 Search vendor "Cyberark" for product "Conjur Service Broker" and version " < 1.1.1" | pivotal_cloud_foundry |
Affected
| ||||||
| Datadoghq Search vendor "Datadoghq" | Application Monitoring Search vendor "Datadoghq" for product "Application Monitoring" | < 1.7.0 Search vendor "Datadoghq" for product "Application Monitoring" and version " < 1.7.0" | pivotal_cloud_foundry |
Affected
| ||||||
| Datastax Search vendor "Datastax" | Enterprise Service Broker Search vendor "Datastax" for product "Enterprise Service Broker" | < 1.0.2 Search vendor "Datastax" for product "Enterprise Service Broker" and version " < 1.0.2" | pivotal_cloud_foundry |
Affected
| ||||||
| Dynatrace Search vendor "Dynatrace" | Service Broker Search vendor "Dynatrace" for product "Service Broker" | < 1.4.2 Search vendor "Dynatrace" for product "Service Broker" and version " < 1.4.2" | pivotal_cloud_foundry |
Affected
| ||||||
| Forgerock Search vendor "Forgerock" | Service Broker Search vendor "Forgerock" for product "Service Broker" | < 2.1.2 Search vendor "Forgerock" for product "Service Broker" and version " < 2.1.2" | pivotal_cloud_foundry |
Affected
| ||||||
| Google Search vendor "Google" | Google Cloud Platform Service Broker Search vendor "Google" for product "Google Cloud Platform Service Broker" | < 4.2.3 Search vendor "Google" for product "Google Cloud Platform Service Broker" and version " < 4.2.3" | pivotal_cloud_foundry |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Websphere Liberty Search vendor "Ibm" for product "Websphere Liberty " | < 3.11.0 Search vendor "Ibm" for product "Websphere Liberty " and version " < 3.11.0" | pivotal_cloud_foundry |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Azure Log Analytics Nozzle Search vendor "Microsoft" for product "Azure Log Analytics Nozzle" | < 1.4.1 Search vendor "Microsoft" for product "Azure Log Analytics Nozzle" and version " < 1.4.1" | pivotal_cloud_foundry |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Azure Service Broker Search vendor "Microsoft" for product "Azure Service Broker" | < 1.4.1 Search vendor "Microsoft" for product "Azure Service Broker" and version " < 1.4.1" | pivotal_cloud_foundry |
Affected
| ||||||
| Newrelic Search vendor "Newrelic" | Dotnet Extension Buildpack Search vendor "Newrelic" for product "Dotnet Extension Buildpack" | < 1.1.1 Search vendor "Newrelic" for product "Dotnet Extension Buildpack" and version " < 1.1.1" | pivotal_cloud_foundry |
Affected
| ||||||
| Newrelic Search vendor "Newrelic" | Nozzle Search vendor "Newrelic" for product "Nozzle" | < 1.1.17 Search vendor "Newrelic" for product "Nozzle" and version " < 1.1.17" | pivotal_cloud_foundry |
Affected
| ||||||
| Newrelic Search vendor "Newrelic" | Service Broker Search vendor "Newrelic" for product "Service Broker" | < 1.12.64 Search vendor "Newrelic" for product "Service Broker" and version " < 1.12.64" | pivotal_cloud_foundry |
Affected
| ||||||
| Pagerduty Search vendor "Pagerduty" | Service Broker Search vendor "Pagerduty" for product "Service Broker" | < 1.2.4 Search vendor "Pagerduty" for product "Service Broker" and version " < 1.2.4" | pivotal_cloud_foundry |
Affected
| ||||||
| Riverbed Search vendor "Riverbed" | Steelcentral Appinternals Search vendor "Riverbed" for product "Steelcentral Appinternals" | < 10.21.1-bl516 Search vendor "Riverbed" for product "Steelcentral Appinternals" and version " < 10.21.1-bl516" | pivotal_cloud_foundry |
Affected
| ||||||
| Samba Search vendor "Samba" | Volume Service Search vendor "Samba" for product "Volume Service" | < 1.1.1 Search vendor "Samba" for product "Volume Service" and version " < 1.1.1" | pivotal_cloud_foundry |
Affected
| ||||||
| Signalsciences Search vendor "Signalsciences" | Service Broker Search vendor "Signalsciences" for product "Service Broker" | < 1.1.0 Search vendor "Signalsciences" for product "Service Broker" and version " < 1.1.0" | pivotal_cloud_foundry |
Affected
| ||||||
| Snyk Search vendor "Snyk" | Service Broker Search vendor "Snyk" for product "Service Broker" | < 1.0.3 Search vendor "Snyk" for product "Service Broker" and version " < 1.0.3" | pivotal_cloud_foundry |
Affected
| ||||||
| Solace Search vendor "Solace" | Pubsub\+ Search vendor "Solace" for product "Pubsub\+" | < 2.3.2 Search vendor "Solace" for product "Pubsub\+" and version " < 2.3.2" | pivotal_cloud_foundry |
Affected
| ||||||
| Splunk Search vendor "Splunk" | Nozzle Search vendor "Splunk" for product "Nozzle" | < 1.1.1 Search vendor "Splunk" for product "Nozzle" and version " < 1.1.1" | pivotal_cloud_foundry |
Affected
| ||||||
| Sumologic Search vendor "Sumologic" | Nozzle Search vendor "Sumologic" for product "Nozzle" | < 1.0.1 Search vendor "Sumologic" for product "Nozzle" and version " < 1.0.1" | pivotal_cloud_foundry |
Affected
| ||||||
| Synopsys Search vendor "Synopsys" | Seeker Iast Service Broker Search vendor "Synopsys" for product "Seeker Iast Service Broker" | < 1.2.14 Search vendor "Synopsys" for product "Seeker Iast Service Broker" and version " < 1.2.14" | pivotal_cloud_foundry |
Affected
| ||||||
| Tibco Search vendor "Tibco" | Businessworks Buildpack Search vendor "Tibco" for product "Businessworks Buildpack" | < 2.4.4 Search vendor "Tibco" for product "Businessworks Buildpack" and version " < 2.4.4" | container, pivotal_cloud_foundry |
Affected
| ||||||
| Wavefront Search vendor "Wavefront" | Wavefront By Vmware Nozzle Search vendor "Wavefront" for product "Wavefront By Vmware Nozzle" | < 1.0.2 Search vendor "Wavefront" for product "Wavefront By Vmware Nozzle" and version " < 1.0.2" | pivotal_cloud_foundry |
Affected
| ||||||
| Yugabyte Search vendor "Yugabyte" | Db Enterprise Search vendor "Yugabyte" for product "Db Enterprise" | < 1.1.8 Search vendor "Yugabyte" for product "Db Enterprise" and version " < 1.1.8" | pivotal_cloud_foundry |
Affected
| ||||||