CVE-2019-3800 (GCVE-0-2019-3800)
Vulnerability from cvelistv5 – Published: 2019-08-05 16:38 – Updated: 2024-09-17 04:29
VLAI?
Title
CF CLI writes the client id and secret to config file
Summary
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
Severity ?
6.3 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cloud Foundry | CF CLI Release |
Affected:
v1.x before v1.16.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CF CLI Release",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "v1.x before v1.16.0"
}
]
},
{
"product": "CF CLI",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "versions prior to v6.45.0"
}
]
}
],
"datePublic": "2019-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-05T16:38:20",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3800"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CF CLI writes the client id and secret to config file",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-07-18T00:00:00.000Z",
"ID": "CVE-2019-3800",
"STATE": "PUBLIC",
"TITLE": "CF CLI writes the client id and secret to config file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CF CLI Release",
"version": {
"version_data": [
{
"version_value": "v1.x before v1.16.0"
}
]
}
},
{
"product_name": "CF CLI",
"version": {
"version_data": [
{
"version_value": "versions prior to v6.45.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-3800",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3800"
},
{
"name": "https://pivotal.io/security/cve-2019-3800",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3800"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3800",
"datePublished": "2019-08-05T16:38:20.424541Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T04:29:08.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-3800\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2019-08-05T17:15:10.960\",\"lastModified\":\"2024-11-21T04:42:33.957\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.\"},{\"lang\":\"es\",\"value\":\"La CLI de CF anterior a versi\u00f3n v6.45.0 (versi\u00f3n de lanzamiento bosh 1.16.0), escribe el id y el secreto del cliente hacia su archivo de configuraci\u00f3n cuando el usuario se autentica con el flag --client-credentials. Un usuario malicioso autenticado local con acceso al archivo de configuraci\u00f3n de la CLI de CF puede actuar como ese cliente, quien es el propietario de las credenciales filtradas.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.0,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_command_line_interface:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.45.0\",\"matchCriteriaId\":\"D4FD32DF-0EF0-4CDA-992A-FFD404A05AB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_command_line_interface_release:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.16.0\",\"matchCriteriaId\":\"04F8E5C0-449F-4E58-9113-A95D0A5E4F86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_deployment:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.0\",\"matchCriteriaId\":\"13D840EB-A220-4C25-8B72-3506ADB08A7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_deployment_concourse_tasks:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.3.0\",\"matchCriteriaId\":\"90B6B206-94FC-4C78-9934-671FD9F48899\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_log_cache_release:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.1\",\"matchCriteriaId\":\"6FC091EB-B582-4AA6-8C03-AC22248446EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_networking_release:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.23.0\",\"matchCriteriaId\":\"652F9F32-36BA-4746-B1E4-8349E90EFD13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_notifications:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"58\",\"matchCriteriaId\":\"949C15FF-9BBC-4505-AE49-D6846A2B6EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_routing_release:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.189.0\",\"matchCriteriaId\":\"6BD6293D-319B-4F5B-A53E-45327F874782\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_smoke_test:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"40.0.113\",\"matchCriteriaId\":\"B0CC085B-863D-49F7-BDC6-000E0DFCF28B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.3.14\",\"matchCriteriaId\":\"DCA35BC9-394D-4ABB-9DA5-C167945D1A13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.4.0\",\"versionEndExcluding\":\"2.4.10\",\"matchCriteriaId\":\"5B921F25-9042-4FBD-B739-1EA2FE65DC94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5.0\",\"versionEndExcluding\":\"2.5.6\",\"matchCriteriaId\":\"30EDADC2-4D9D-4271-BEAF-7CF3A3C0DB74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_autoscaling_release:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"219\",\"matchCriteriaId\":\"91C32CE6-5C18-40E9-9608-D15BB4E24788\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_event_alerts:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.8\",\"matchCriteriaId\":\"DA2B204A-4EA4-44A3-B27B-3336D1A9FBFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_healthwatch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.4.0\",\"versionEndExcluding\":\"1.4.7\",\"matchCriteriaId\":\"71BC43B2-F5C3-4AFD-990F-19D364F7781E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:cloud_foundry_healthwatch:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.0\",\"versionEndExcluding\":\"1.5.4\",\"matchCriteriaId\":\"ED64D8C0-E124-459B-A377-71CEFF182DFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:credhub_service_broker_for_pcf:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.3.2\",\"matchCriteriaId\":\"EB1AAA37-B13F-4DBE-B2C0-3A0410C9DD3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:metric_registrar_release:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2\",\"matchCriteriaId\":\"B072EBB3-FED0-4468-A9E8-5B6E2B329D3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:on_demand_service_broker:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.29.0\",\"matchCriteriaId\":\"DA8C62A2-4B4C-40D8-8E64-6B5BC06D93BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:pivotal_cloud_foundry_service_broker:*:*:*:*:*:aws:*:*\",\"versionEndExcluding\":\"1.4.13\",\"matchCriteriaId\":\"6BCC700B-731F-42F6-9675-59C3AFC4DF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*\",\"versionStartIncluding\":\"1.7.0\",\"versionEndExcluding\":\"1.7.5\",\"matchCriteriaId\":\"94632FE3-6B3C-43A6-9DC7-166A7CC909F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*\",\"versionStartIncluding\":\"1.8.0\",\"versionEndExcluding\":\"1.8.4\",\"matchCriteriaId\":\"7862820E-B6FD-4820-BB47-2983D7465BC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*\",\"versionStartIncluding\":\"1.9.0\",\"versionEndExcluding\":\"1.9.1\",\"matchCriteriaId\":\"CF89202E-09F7-4311-A667-3CBD066156D4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:elasticsearch:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"8CDB4E4C-A0C8-4335-8EE3-1A15876CB32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:logme:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"E23C5203-CEBC-4E0A-AC84-2AC8E1568F71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:mongodb:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"2AB2AFD4-8989-4A6E-9D4B-631D53CFE0D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:mysql:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"9CCC2276-21BD-46EF-8AFD-42E5067448F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:postgresql:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"A304D180-9C7F-4748-B891-56B4913ED853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"1CA8DFF1-40F0-4311-BA6E-ACEB67F58622\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anynines:redis:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"E002C51E-F5ED-4232-B756-995ABEED1DC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apigee:edge_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"3.1.3\",\"matchCriteriaId\":\"0438F2AA-B66E-4AE8-AACC-8D7FF57F18D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:appdynamics:application_analytics:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"4.7.652\",\"matchCriteriaId\":\"D53361F1-DE54-4808-B1B5-56149BABD9DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:appdynamics:application_performance_monitoring:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"4.6.64\",\"matchCriteriaId\":\"44473CD4-1DF6-48EF-B317-12BD36BFF420\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:appdynamics:platform_montioring:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"4.7.712\",\"matchCriteriaId\":\"4DD01FBD-0F69-4793-8343-E5B735171C9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bluemedora:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"3.1.1\",\"matchCriteriaId\":\"ACA4480D-2A59-4DA8-A144-7EB97A570BFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:contrastsecurity:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.2.0\",\"matchCriteriaId\":\"AEC4F727-7085-4C7C-A0A8-EC77E0C6E89F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cyberark:conjur_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.1\",\"matchCriteriaId\":\"CF0261DA-818C-46D5-93F6-AB77154C47F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:datadoghq:application_monitoring:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.7.0\",\"matchCriteriaId\":\"32C06495-7CB3-4FF5-AA1F-5F2882FD5206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:datastax:enterprise_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.0.2\",\"matchCriteriaId\":\"AEF84CBA-E099-41AD-8B3C-D3603C409810\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dynatrace:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.4.2\",\"matchCriteriaId\":\"16849497-DD68-4C1B-BFCB-91904F2F36B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:forgerock:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.1.2\",\"matchCriteriaId\":\"E996866D-CEE3-4C0C-9011-A62BC94C4ECF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:google_cloud_platform_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"4.2.3\",\"matchCriteriaId\":\"C1F611B8-B347-4AEF-9479-80C8AC8457E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_liberty_:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"3.11.0\",\"matchCriteriaId\":\"F9339579-1F54-4065-B5A8-C51EA9D5CF6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_log_analytics_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.4.1\",\"matchCriteriaId\":\"4F38E12C-5675-4290-BE46-11F2768AABF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.4.1\",\"matchCriteriaId\":\"BE11B12D-E020-4411-A85E-589F813894E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:newrelic:dotnet_extension_buildpack:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.1\",\"matchCriteriaId\":\"F861138B-93A0-4E61-9205-B1505AD02C1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:newrelic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.17\",\"matchCriteriaId\":\"5EE16E5F-6078-4293-B0F1-020D6AF79105\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:newrelic:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.12.64\",\"matchCriteriaId\":\"436B6156-3CFA-42E8-8B8D-A142B43E1680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pagerduty:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.2.4\",\"matchCriteriaId\":\"9D1ACC13-1833-44B9-9629-6E149A61395A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:riverbed:steelcentral_appinternals:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"10.21.1-bl516\",\"matchCriteriaId\":\"CCE2DA38-E945-41EE-A11E-C0B23BCFB89C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:volume_service:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.1\",\"matchCriteriaId\":\"BEF05596-F907-4DF6-BB67-69A6171C53A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:signalsciences:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.0\",\"matchCriteriaId\":\"6F399A62-9A6F-442B-AB45-7C0BE9F5B5AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snyk:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.0.3\",\"matchCriteriaId\":\"40D76AE1-283E-457F-B7B4-3DB57A1ED4F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solace:pubsub\\\\+:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.3.2\",\"matchCriteriaId\":\"74F25242-39A9-4FB0-9929-07D27C67606A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.1\",\"matchCriteriaId\":\"77591548-6E7E-414F-B4BE-14399AE18CE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sumologic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.0.1\",\"matchCriteriaId\":\"AA182A4D-BB7B-4EC1-B764-B74BC56D4D7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synopsys:seeker_iast_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.2.14\",\"matchCriteriaId\":\"65756938-5D6D-431A-93BD-107604C196EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:businessworks_buildpack:*:*:*:*:container:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"2.4.4\",\"matchCriteriaId\":\"1807AAE6-8F92-4A21-8836-D3C61DC58B54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wavefront:wavefront_by_vmware_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.0.2\",\"matchCriteriaId\":\"66C6C1F0-17EC-47CD-BF12-30F5F6B60BF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yugabyte:db_enterprise:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionEndExcluding\":\"1.1.8\",\"matchCriteriaId\":\"78C34123-DE82-42BB-BD94-A8311E32A040\"}]}]}],\"references\":[{\"url\":\"https://pivotal.io/security/cve-2019-3800\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cloudfoundry.org/blog/cve-2019-3800\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pivotal.io/security/cve-2019-3800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cloudfoundry.org/blog/cve-2019-3800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…