CVE-2019-3782

EPSS 0.07%
Veröffentlicht 13.02.2019 16:29:00
Zuletzt bearbeitet 21.11.2024 04:42:31
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloudfoundry ≫ Credhub Cli Version < 2.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.196

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
security_alert@emc.com	6.3	2	3.7	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

http://www.securityfocus.com/bid/107038

Third Party Advisory

VDB Entry

https://www.cloudfoundry.org/blog/cve-2019-3782

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-3782

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-3782

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-3782

EUVD