Lucene search
+L

5 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.8 views

SUSE CVE-2019-3800

CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

7.8CVSS6.6AI score0.02088EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 9:16 p.m.16 views

Security Bulletin: Vulnerability of Embedded CF CLI In IBM Cloud CLI

Summary Default embedded CF CLI in IBM Cloud CLI version prior to 0.20.0 contains a security vulnerability which might expose customer credentials. Vulnerability Details CVEID: CVE-2019-3800 DESCRIPTION: CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret t...

7.8CVSS0.6AI score0.02088EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/11/24 1:4 p.m.25 views

Security Bulletin: Security Vulnerability affects Cloud Foundry for IBM Cloud Private (CVE-2019-3800)

Summary Security Vulnerability affects Cloud Foundry for IBM Cloud Private Vulnerability Details CVEID: CVE-2019-3800 DESCRIPTION: Pivotal Cloud Foundry CL could allow a local authenticated attacker to obtain sensitive information, caused by storing sensitive information in the config when user...

7.8CVSS0.6AI score0.02088EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2019/08/05 4:38 p.m.30 views

CVE-2019-3800 CF CLI writes the client id and secret to config file

CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

6.3CVSS7.5AI score0.02088EPSS
Exploits0References2
CVE
CVE
added 2019/08/05 4:38 p.m.91 views

CVE-2019-3800

CF CLI before v6.45.0 (bosh release 1.16.0) stores the client id and secret in the CLI config file upon authentication with --client-credentials. A local authenticated user with access to that config can impersonate the leaked client. Impact is high for confidentiality and integrity of the creden...

7.8CVSS6.5AI score0.02088EPSS
Exploits0References2Affected Software9
Rows per page
Query Builder