CVE-2019-3783

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-3783
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3783.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3783
Published
2019-03-07T18:29:00Z
Modified
2024-09-03T02:51:43.219646Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user.

References

Affected packages

Git / github.com/cloudfoundry-incubator/stratos

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry-incubator/stratos
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.9.0
0.9.1
0.9.2
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9

1.*

1.0.0

2.*

2.0.0
2.0.0-RC-1
2.0.0-beta-0002
2.0.0-beta-002
2.0.0-cap-test
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.1
2.1.0
2.1.0-3
2.1.1
2.1.1-1
2.1.1-2
2.1.1-3
2.1.1-4
2.1.1-5
2.1.1-6
2.1.2
2.2.0
2.2.0-3
2.2.0-4
2.2.0-5
2.3.0-rc.1
2.3.0-rc.2

Other

bleeding-edge
depcache
s4x
weekmarker

v2.*

v2.0.0-beta-001