CVE-2019-3784

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-3784
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3784.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3784
Published
2019-03-07T18:29:00Z
Modified
2024-09-03T02:51:45.344522Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.

References

Affected packages

Git / github.com/cloudfoundry-incubator/stratos

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry-incubator/stratos
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.9.0
0.9.1
0.9.2
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9

1.*

1.0.0

2.*

2.0.0
2.0.0-RC-1
2.0.0-beta-0002
2.0.0-beta-002
2.0.0-cap-test
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.1
2.1.0
2.1.0-3
2.1.1
2.1.1-1
2.1.1-2
2.1.1-3
2.1.1-4
2.1.1-5
2.1.1-6
2.1.2
2.2.0
2.2.0-3
2.2.0-4
2.2.0-5
2.3.0-rc.1
2.3.0-rc.2

Other

bleeding-edge
depcache
s4x
weekmarker

v2.*

v2.0.0-beta-001