CVE-2019-3800
- Source
- https://cve.org/CVERecord?id=CVE-2019-3800
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3800.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-3800
- Published
- 2019-08-05T17:15:10.960Z
- Modified
- 2026-05-15T12:04:01.352834721Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
- Database specific
{ "unresolved_ranges": [ { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:anynines:elasticsearch:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "anynines:elasticsearch", "extracted_events": [ { "fixed": "2.1.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:anynines:logme:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "anynines:logme", "extracted_events": [ { "fixed": "2.1.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:anynines:mongodb:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "anynines:mongodb", "extracted_events": [ { "fixed": "2.1.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:anynines:mysql:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "anynines:mysql", "extracted_events": [ { "fixed": "2.1.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:anynines:postgresql:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "anynines:postgresql", "extracted_events": [ { "fixed": "2.1.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:anynines:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "anynines:rabbitmq", "extracted_events": [ { "fixed": "2.1.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:anynines:redis:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "anynines:redis", "extracted_events": [ { "fixed": "2.1.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:apigee:edge_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "apigee:edge_service_broker", "extracted_events": [ { "fixed": "3.1.3" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:appdynamics:application_analytics:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "appdynamics:application_analytics", "extracted_events": [ { "fixed": "4.7.652" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:appdynamics:application_performance_monitoring:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "appdynamics:application_performance_monitoring", "extracted_events": [ { "fixed": "4.6.64" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:appdynamics:platform_montioring:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "appdynamics:platform_montioring", "extracted_events": [ { "fixed": "4.7.712" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:bluemedora:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "bluemedora:nozzle", "extracted_events": [ { "fixed": "3.1.1" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:cyberark:conjur_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "cyberark:conjur_service_broker", "extracted_events": [ { "fixed": "1.1.1" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:datastax:enterprise_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "datastax:enterprise_service_broker", "extracted_events": [ { "fixed": "1.0.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:dynatrace:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "dynatrace:service_broker", "extracted_events": [ { "fixed": "1.4.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:forgerock:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "forgerock:service_broker", "extracted_events": [ { "fixed": "2.1.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:google:google_cloud_platform_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "google:google_cloud_platform_service_broker", "extracted_events": [ { "fixed": "4.2.3" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:ibm:websphere_liberty_:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "ibm:websphere_liberty_", "extracted_events": [ { "fixed": "3.11.0" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:microsoft:azure_log_analytics_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "microsoft:azure_log_analytics_nozzle", "extracted_events": [ { "fixed": "1.4.1" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:microsoft:azure_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "microsoft:azure_service_broker", "extracted_events": [ { "fixed": "1.4.1" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:newrelic:dotnet_extension_buildpack:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "newrelic:dotnet_extension_buildpack", "extracted_events": [ { "fixed": "1.1.1" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:newrelic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "newrelic:nozzle", "extracted_events": [ { "fixed": "1.1.17" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:newrelic:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "newrelic:service_broker", "extracted_events": [ { "fixed": "1.12.64" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:pagerduty:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "pagerduty:service_broker", "extracted_events": [ { "fixed": "1.2.4" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*" ], "vendor_product": "pivotal:application_service", "extracted_events": [ { "introduced": "2.3.0" }, { "fixed": "2.3.14" }, { "introduced": "2.4.0" }, { "fixed": "2.4.10" }, { "introduced": "2.5.0" }, { "fixed": "2.5.6" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:pivotal:cloud_foundry_autoscaling_release:*:*:*:*:*:*:*:*" ], "vendor_product": "pivotal:cloud_foundry_autoscaling_release", "extracted_events": [ { "fixed": "219" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:pivotal:cloud_foundry_command_line_interface_release:*:*:*:*:*:*:*:*" ], "vendor_product": "pivotal:cloud_foundry_command_line_interface_release", "extracted_events": [ { "fixed": "1.16.0" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:pivotal:cloud_foundry_event_alerts:*:*:*:*:*:*:*:*" ], "vendor_product": "pivotal:cloud_foundry_event_alerts", "extracted_events": [ { "fixed": "1.2.8" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:pivotal:cloud_foundry_healthwatch:*:*:*:*:*:*:*:*" ], "vendor_product": "pivotal:cloud_foundry_healthwatch", "extracted_events": [ { "introduced": "1.4.0" }, { "fixed": "1.4.7" }, { "introduced": "1.5.0" }, { "fixed": "1.5.4" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:pivotal:cloud_foundry_notifications:*:*:*:*:*:*:*:*" ], "vendor_product": "pivotal:cloud_foundry_notifications", "extracted_events": [ { "fixed": "58" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:pivotal:cloud_foundry_smoke_test:*:*:*:*:*:*:*:*" ], "vendor_product": "pivotal:cloud_foundry_smoke_test", "extracted_events": [ { "fixed": "40.0.113" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:pivotal:credhub_service_broker_for_pcf:*:*:*:*:*:*:*:*" ], "vendor_product": "pivotal:credhub_service_broker_for_pcf", "extracted_events": [ { "fixed": "1.3.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:pivotal:metric_registrar_release:*:*:*:*:*:*:*:*" ], "vendor_product": "pivotal:metric_registrar_release", "extracted_events": [ { "fixed": "1.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:pivotal:pivotal_cloud_foundry_service_broker:*:*:*:*:*:aws:*:*" ], "vendor_product": "pivotal:pivotal_cloud_foundry_service_broker", "extracted_events": [ { "fixed": "1.4.13" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*" ], "vendor_product": "pivotal:single_sign-on", "extracted_events": [ { "introduced": "1.7.0" }, { "fixed": "1.7.5" }, { "introduced": "1.8.0" }, { "fixed": "1.8.4" }, { "introduced": "1.9.0" }, { "fixed": "1.9.1" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:riverbed:steelcentral_appinternals:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "riverbed:steelcentral_appinternals", "extracted_events": [ { "fixed": "10.21.1-bl516" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:samba:volume_service:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "samba:volume_service", "extracted_events": [ { "fixed": "1.1.1" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:snyk:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "snyk:service_broker", "extracted_events": [ { "fixed": "1.0.3" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:solace:pubsub\\+:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "solace:pubsub+", "extracted_events": [ { "fixed": "2.3.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:splunk:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "splunk:nozzle", "extracted_events": [ { "fixed": "1.1.1" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:sumologic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "sumologic:nozzle", "extracted_events": [ { "fixed": "1.0.1" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:synopsys:seeker_iast_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "synopsys:seeker_iast_service_broker", "extracted_events": [ { "fixed": "1.2.14" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:tibco:businessworks_buildpack:*:*:*:*:container:pivotal_cloud_foundry:*:*" ], "vendor_product": "tibco:businessworks_buildpack", "extracted_events": [ { "fixed": "2.4.4" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:wavefront:wavefront_by_vmware_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "wavefront:wavefront_by_vmware_nozzle", "extracted_events": [ { "fixed": "1.0.2" } ] }, { "source": "CPE_FIELD", "cpes": [ "cpe:2.3:a:yugabyte:db_enterprise:*:*:*:*:*:pivotal_cloud_foundry:*:*" ], "vendor_product": "yugabyte:db_enterprise", "extracted_events": [ { "fixed": "1.1.8" } ] } ] }- References