5 matches found
SUSE CVE-2019-3800
CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...
Security Bulletin: Vulnerability of Embedded CF CLI In IBM Cloud CLI
Summary Default embedded CF CLI in IBM Cloud CLI version prior to 0.20.0 contains a security vulnerability which might expose customer credentials. Vulnerability Details CVEID: CVE-2019-3800 DESCRIPTION: CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret t...
Security Bulletin: Security Vulnerability affects Cloud Foundry for IBM Cloud Private (CVE-2019-3800)
Summary Security Vulnerability affects Cloud Foundry for IBM Cloud Private Vulnerability Details CVEID: CVE-2019-3800 DESCRIPTION: Pivotal Cloud Foundry CL could allow a local authenticated attacker to obtain sensitive information, caused by storing sensitive information in the config when user...
CVE-2019-3800 CF CLI writes the client id and secret to config file
CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...
CVE-2019-3800
CF CLI before v6.45.0 (bosh release 1.16.0) stores the client id and secret in the CLI config file upon authentication with --client-credentials. A local authenticated user with access to that config can impersonate the leaked client. Impact is high for confidentiality and integrity of the creden...