CVE-2019-3800
05.08.2019, 17:15
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.Enginsight
| Vendor | Product | Version |
|---|---|---|
| pivotal | cloud_foundry_command_line_interface | 𝑥 < 6.45.0 |
| pivotal | cloud_foundry_command_line_interface_release | 𝑥 < 1.16.0 |
| pivotal | cloud_foundry_deployment | 𝑥 < 10.0.0 |
| pivotal | cloud_foundry_deployment_concourse_tasks | 𝑥 < 9.3.0 |
| pivotal | cloud_foundry_log_cache_release | 𝑥 < 2.3.1 |
| pivotal | cloud_foundry_networking_release | 𝑥 < 2.23.0 |
| pivotal | cloud_foundry_notifications | 𝑥 < 58 |
| pivotal | cloud_foundry_routing_release | 𝑥 < 0.189.0 |
| pivotal | cloud_foundry_smoke_test | 𝑥 < 40.0.113 |
| pivotal | application_service | 2.3.0 ≤ 𝑥 < 2.3.14 |
| pivotal | application_service | 2.4.0 ≤ 𝑥 < 2.4.10 |
| pivotal | application_service | 2.5.0 ≤ 𝑥 < 2.5.6 |
| pivotal | cloud_foundry_autoscaling_release | 𝑥 < 219 |
| pivotal | cloud_foundry_event_alerts | 𝑥 < 1.2.8 |
| pivotal | cloud_foundry_healthwatch | 1.4.0 ≤ 𝑥 < 1.4.7 |
| pivotal | cloud_foundry_healthwatch | 1.5.0 ≤ 𝑥 < 1.5.4 |
| pivotal | credhub_service_broker_for_pcf | 𝑥 < 1.3.2 |
| pivotal | metric_registrar_release | 𝑥 < 1.2 |
| pivotal | on_demand_service_broker | 𝑥 < 0.29.0 |
| pivotal | pivotal_cloud_foundry_service_broker | 𝑥 < 1.4.13 |
| pivotal | single_sign-on | 1.7.0 ≤ 𝑥 < 1.7.5 |
| pivotal | single_sign-on | 1.8.0 ≤ 𝑥 < 1.8.4 |
| pivotal | single_sign-on | 1.9.0 ≤ 𝑥 < 1.9.1 |
| anynines | elasticsearch | 𝑥 < 2.1.2 |
| anynines | logme | 𝑥 < 2.1.2 |
| anynines | mongodb | 𝑥 < 2.1.2 |
| anynines | mysql | 𝑥 < 2.1.2 |
| anynines | postgresql | 𝑥 < 2.1.2 |
| anynines | rabbitmq | 𝑥 < 2.1.2 |
| anynines | redis | 𝑥 < 2.1.2 |
| apigee | edge_service_broker | 𝑥 < 3.1.3 |
| appdynamics | application_analytics | 𝑥 < 4.7.652 |
| appdynamics | application_performance_monitoring | 𝑥 < 4.6.64 |
| appdynamics | platform_montioring | 𝑥 < 4.7.712 |
| bluemedora | nozzle | 𝑥 < 3.1.1 |
| contrastsecurity | service_broker | 𝑥 < 2.2.0 |
| cyberark | conjur_service_broker | 𝑥 < 1.1.1 |
| datadoghq | application_monitoring | 𝑥 < 1.7.0 |
| datastax | enterprise_service_broker | 𝑥 < 1.0.2 |
| dynatrace | service_broker | 𝑥 < 1.4.2 |
| forgerock | service_broker | 𝑥 < 2.1.2 |
| google_cloud_platform_service_broker | 𝑥 < 4.2.3 | |
| ibm | websphere_liberty_ | 𝑥 < 3.11.0 |
| microsoft | azure_log_analytics_nozzle | 𝑥 < 1.4.1 |
| microsoft | azure_service_broker | 𝑥 < 1.4.1 |
| newrelic | dotnet_extension_buildpack | 𝑥 < 1.1.1 |
| newrelic | nozzle | 𝑥 < 1.1.17 |
| newrelic | service_broker | 𝑥 < 1.12.64 |
| pagerduty | service_broker | 𝑥 < 1.2.4 |
| riverbed | steelcentral_appinternals | 𝑥 < 10.21.1-bl516 |
| samba | volume_service | 𝑥 < 1.1.1 |
| signalsciences | service_broker | 𝑥 < 1.1.0 |
| snyk | service_broker | 𝑥 < 1.0.3 |
| solace | pubsub\+ | 𝑥 < 2.3.2 |
| splunk | nozzle | 𝑥 < 1.1.1 |
| sumologic | nozzle | 𝑥 < 1.0.1 |
| synopsys | seeker_iast_service_broker | 𝑥 < 1.2.14 |
| tibco | businessworks_buildpack | 𝑥 < 2.4.4 |
| wavefront | wavefront_by_vmware_nozzle | 𝑥 < 1.0.2 |
| yugabyte | db_enterprise | 𝑥 < 1.1.8 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.