2 matches found
CVE-2019-3783
CVE-2019-3783 affects Cloud Foundry Stratos prior to 2.3.0, where a public default session store secret can be brute-forced to hijack another user’s Stratos session and act on their behalf. Root cause: use of a public default session secret in deployed Stratos instances. Impact: attacke...
CVE-2019-3784
CVE-2019-3784 affects Cloud Foundry Stratos prior to version 2.3.0. The issue is an insecure session that can be spoofed when hosted on Cloud Foundry with multiple instances using the default embedded SQLite database, allowing a remote authenticated attacker to switch sessions to another user sh...