Pivotal Application Service vulnerabilities

3 known vulnerabilities affecting pivotal/application_service.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3

Vulnerabilities

CVE-2019-3800 | HIGH | CVSS 7.8 | ≥ 2.3.0, < 2.3.14; ≥ 2.4.0, < 2.4.10; +1 more | 2019-08-05
CVE-2019-3800 [HIGH] CWE-522: CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
Source: nvd
CVE-2018-11086 | HIGH | CVSS 8.8 | ≥ 2.0, < 2.0.21; ≥ 2.1, < 2.1.13; +1 more | 2018-09-17
CVE-2018-11086 [HIGH]: Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.
Sources: cvelistv5, nvd
CVE-2018-11088 | HIGH | CVSS 8.8 | ≥ 2.0, < 2.0.21; ≥ 2.1, < 2.1.13; +1 more | 2018-09-17
CVE-2018-11088 [HIGH]: Pivotal Applications Manager in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role.
Sources: cvelistv5, nvd