Cloud Foundry, CFOUNDRY:F930C0D1303FFE940E60B2FC042504CE
Feb 14, 2019 - 12:00 a.m.

CVE-2019-3780: Cloud Foundry Container Runtime Leaks IAAS Credentials | Cloud Foundry

2019-02-14 00:00:00
Cloud Foundry
www.cloudfoundry.org
EPSS: 0.001 Low

Percentile: 41.4%

Severity

Critical

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • Cloud Foundry Container Runtime (CFCR)
    • All versions prior to v0.28.0

Description

Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contain a configuration file with IAAS credentials. A malicious user with access to the K8s nodes can obtain the IAAS credentials, allowing the user to escalate privileges and gain access to the IAAS account.

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • Cloud Foundry Container Runtime (CFCR)
    • Upgrade all versions to v0.28.0 or greater

Credit

This issue was responsibly reported by Swisscom.

History

2019-02-14: Initial vulnerability report published.
