CVE-2019-3781

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-3781

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3781.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-3781

Downstream

SUSE-SU-2019:1220-1

SUSE-SU-2019:1220-2

Related

Published

2019-03-07T18:29:00.587Z

Modified

2026-01-30T00:59:22.991289Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.

References

Affected packages

Git / github.com/cloudfoundry/cli

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/cli
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

815ea2f3d41a98d7a7e4e520509160ba8b355725

Affected versions

Other

push

v9000

v9001

v0.*

v0.0.1.alpha

v6.*

v6.0.0

v6.0.0-beta

v6.0.0-beta2

v6.0.1

v6.0.1234

v6.1.0

v6.1.1

v6.1.2

v6.10.0

v6.11.0

v6.11.1

v6.11.2

v6.11.3

v6.12.0

v6.12.1

v6.12.2

v6.12.3

v6.12.4

v6.13.0

v6.14.0

v6.14.1

v6.15.0

v6.16.0

v6.16.1

v6.17.0

v6.17.1

v6.18.0

v6.18.1

v6.19.0

v6.2.0

v6.20.0

v6.21.0

v6.21.1

v6.22.1

v6.23.0

v6.23.1

v6.24.0

v6.25.0

v6.26.0

v6.27.0

v6.28.0

v6.29.0

v6.29.1

v6.29.2

v6.3.0

v6.3.1

v6.3.2

v6.30.0

v6.31.0

v6.32.0

v6.33.0

v6.33.1

v6.34.0

v6.34.1

v6.35.0

v6.35.1

v6.35.2

v6.36.0

v6.36.1

v6.37.0

v6.38.0

v6.39.0

v6.39.1

v6.4.0

v6.40.0

v6.40.1

v6.41.0

v6.42.0

v6.5.0

v6.5.1

v6.6.0

v6.6.1

v6.6.2

v6.7.0

v6.8.0

v6.9.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3781.json"