Lucene search

[email protected]NVD:CVE-2019-3782

HistoryFeb 13, 2019 - 4:29 p.m.

CVE-2019-3782

2019-02-1316:29:00

CWE-522

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.

Affected configurations

Nvd

Node

cloudfoundrycredhub_cliRange<2.2.1

VendorProductVersionCPE
cloudfoundrycredhub_cli*cpe:2.3:a:cloudfoundry:credhub_cli:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cloudfoundry	credhub_cli	*	cpe:2.3:a:cloudfoundry:credhub_cli::::::::

References

www.securityfocus.com/bid/107038

www.cloudfoundry.org/blog/cve-2019-3782

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2019-3782

cloudfoundry1 prion1 cvelist1 osv1 cve1