cbcvebase.
CVE-2019-3800
published 2019-08-05

CVE-2019-3800: CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with…

PriorityP341high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EPSS
2.09%
79.3th percentile
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

Affected

62 ranges· showing 25
VendorProductVersion rangeFixed in
anynineselasticsearch< 2.1.22.1.2
anynineslogme< 2.1.22.1.2
anyninesmongodb< 2.1.22.1.2
anyninesmysql< 2.1.22.1.2
anyninespostgresql< 2.1.22.1.2
anyninesrabbitmq< 2.1.22.1.2
anyninesredis< 2.1.22.1.2
apigeeedge_service_broker< 3.1.33.1.3
appdynamicsapplication_analytics< 4.7.6524.7.652
appdynamicsapplication_performance_monitoring< 4.6.644.6.64
appdynamicsplatform_montioring< 4.7.7124.7.712
bluemedoranozzle< 3.1.13.1.1
cloud_foundrycf_cli
cloud_foundrycf_cli_release
contrastsecurityservice_broker< 2.2.02.2.0
cyberarkconjur_service_broker< 1.1.11.1.1
datadoghqapplication_monitoring< 1.7.01.7.0
datastaxenterprise_service_broker< 1.0.21.0.2
dynatraceservice_broker< 1.4.21.4.2
forgerockservice_broker< 2.1.22.1.2
googlegoogle_cloud_platform_service_broker< 4.2.34.2.3
ibmwebsphere_liberty< 3.11.03.11.0
microsoftazure_log_analytics_nozzle< 1.4.11.4.1
microsoftazure_service_broker< 1.4.11.4.1
newrelicdotnet_extension_buildpack< 1.1.11.1.1

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.