CVE-2019-3800

moderate-risk

Published 2019-08-05

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

Do I need to act?

0.21% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.3/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Cloud Foundry Command Line Interface

Cloud Foundry Command Line Interface Release

Cloud Foundry Deployment

Cloud Foundry Deployment Concourse Tasks

Cloud Foundry Log Cache Release

Cloud Foundry Networking Release

Cloud Foundry Notifications

Cloud Foundry Routing Release

Cloud Foundry Smoke Test

Application Service

Cloud Foundry Autoscaling Release

Cloud Foundry Event Alerts

Cloud Foundry Healthwatch

Credhub Service Broker For Pcf

Metric Registrar Release

On Demand Service Broker

Pivotal Cloud Foundry Service Broker

Single Sign-On

Elasticsearch

Logme

Affected Vendors

Ibm Microsoft Samba Google Tibco Splunk Newrelic Riverbed Forgerock Pivotal Cyberark Pagerduty Anynines Apigee Appdynamics Bluemedora Contrastsecurity Datadoghq Datastax Dynatrace Signalsciences Snyk Solace Sumologic Synopsys Wavefront Yugabyte

References (4)

Vendor Advisory https://pivotal.io/security/cve-2019-3800

Vendor Advisory https://www.cloudfoundry.org/blog/cve-2019-3800

Vendor Advisory https://pivotal.io/security/cve-2019-3800

Vendor Advisory https://www.cloudfoundry.org/blog/cve-2019-3800

/ 100

moderate-risk

Severity 20/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 26/34 · High