CVE-2019-3800

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-3800
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3800.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3800
Published
2019-08-05T17:15:10Z
Modified
2024-06-06T12:50:48.298845Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

References

Affected packages

Git / github.com/antirez/redis

Affected ranges

Type
GIT
Repo
https://github.com/antirez/redis
Events
Type
GIT
Repo
https://github.com/bosh-packages/cf-cli-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/cloudfoundry/app-autoscaler-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/cloudfoundry/cf-deployment
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/cloudfoundry/cf-deployment-concourse-tasks
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/cloudfoundry/cf-networking-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/cloudfoundry/log-cache-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/cloudfoundry/routing-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.0.1-cli
0.0.2-cli
0.0.3-cli
0.1.0
0.1.1
0.10.0
0.11.0
0.118.0
0.12.0
0.121.0
0.123.0
0.126.0
0.13.0
0.133.0
0.134.0
0.135.0
0.136.0
0.137.0
0.138.0
0.139.0
0.14.0
0.140.0
0.141.0
0.142.0
0.143.0
0.144.0
0.145.0
0.146.0
0.147.0
0.149.0
0.15.0
0.150.0
0.151.0
0.152.0
0.153.0
0.154.0
0.155.0
0.156.0
0.157.0
0.158.0
0.159.0
0.16.0
0.160.0
0.161.0
0.162.0
0.163.0
0.164.0
0.165.0
0.166.0
0.167.0
0.168.0
0.169.0
0.17.0
0.170.0
0.171.0
0.172.0
0.173.0
0.174.0
0.175.0
0.176.0
0.177.0
0.178.0
0.179.0
0.18.0
0.180.0
0.181.0
0.182.0
0.183.0
0.184.0
0.185.0
0.186.0
0.187.0
0.188.0
0.19.0
0.2.0
0.2.1
0.20.0
0.21.0
0.22.0
0.23.0
0.24.0
0.25.0
0.3.0
0.4.0
0.5.0
0.6.0
0.62.0
0.66.0
0.69.0
0.7.0
0.8.0
0.9.0
0.99.0

1.*

1.0.0
1.1.0
1.10.0
1.11.0
1.12.0
1.13.0
1.2.0
1.3.0
1.3.2
1.3.3
1.3.4
1.4.0
1.5.0
1.6.0
1.7.0
1.8.0
1.8.1
1.9.0

2.*

2.0.0
2.1.0
2.10.0
2.11.0
2.12.0
2.13.0
2.14.0
2.15.0
2.16.0
2.17.0
2.18.0
2.19.0
2.2.0
2.20.0
2.21.0
2.22.0
2.3.0
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.5.0
2.6.0
2.7.0
2.8.0
2.9.0

3.*

3.1.0
3.1.1
3.2.0
3.3.0
3.4.0
3.4.1
3.4.2
3.5.0
3.6.0
3.6.1
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
3.7.7

4.*

4.0.0
4.1.0
4.11

5.*

5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.1.0
5.2.0
5.2.1
5.2.10
5.2.11
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
5.2.8
5.2.9
5.3.0
5.3.1
5.3.2
5.4.0

6.*

6.0.0
6.1.0
6.1.1

7.*

7.0.0
7.1.0

8.*

8.12

v0.*

v0.0.0
v0.0.1
v0.0.1-cli
v0.0.2
v0.0.2-cli
v0.0.3-cli
v0.1
v0.1.0
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.2
v0.2.0
v0.2.1
v0.2.2
v0.20.0
v0.21.0
v0.22.0
v0.23.0
v0.24.0
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.29.0
v0.3
v0.3.0
v0.30.0
v0.31.0
v0.32.0
v0.32.1
v0.33.0
v0.34.0
v0.35.0
v0.36.0
v0.37.0
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0
v0.9.1

v1.*

v1.0
v1.0.0
v1.1
v1.1.0
v1.1.1
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.19.0
v1.2
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.29.0
v1.3
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.34.0
v1.35.0
v1.36.0
v1.37.0
v1.38.0
v1.39.0
v1.4
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.40.0
v1.5
v1.5.0
v1.6
v1.6.0
v1.7.0
v1.8.0
v1.8.1
v1.9.0

v2.*

v2.0
v2.0.0
v2.0.1
v2.0.2
v2.1
v2.1.0
v2.1.1
v2.2
v2.2.0
v2.3.0
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v2.8.0
v2.9.0

v3.*

v3.0
v3.0.0
v3.1
v3.1.0
v3.10
v3.11
v3.12
v3.13
v3.14
v3.15
v3.16
v3.17
v3.2
v3.2.0
v3.3
v3.3.0
v3.4
v3.4.0
v3.5
v3.5.0
v3.6
v3.6.0
v3.7
v3.8
v3.9

v4.*

v4.0
v4.0.0
v4.1
v4.1.0
v4.10
v4.11
v4.12
v4.13
v4.14
v4.15
v4.16
v4.17
v4.18
v4.19
v4.2
v4.2.0
v4.20
v4.21
v4.3
v4.3.0
v4.4
v4.4.0
v4.5
v4.5.0
v4.6
v4.7
v4.8
v4.9

v5.*

v5.0
v5.0.0
v5.1
v5.1.0
v5.2
v5.2.0
v5.3
v5.3.0
v5.4
v5.4.0
v5.5
v5.5.0
v5.6
v5.7

v6.*

v6.0
v6.0.0
v6.1
v6.1.0
v6.10
v6.10.0
v6.11
v6.12
v6.13
v6.14
v6.2
v6.2.0
v6.3
v6.3.0
v6.4
v6.4.0
v6.5
v6.5.0
v6.6
v6.6.0
v6.7
v6.7.0
v6.8
v6.8.0
v6.9
v6.9.0

v7.*

v7.0
v7.0.0
v7.1
v7.1.0
v7.10
v7.10.0
v7.11
v7.11.0
v7.12
v7.13
v7.14
v7.15
v7.16
v7.2
v7.2.0
v7.3
v7.3.0
v7.4
v7.4.0
v7.5
v7.5.0
v7.6
v7.6.0
v7.7
v7.8
v7.8.0
v7.9
v7.9.0

v8.*

v8.0
v8.0.0
v8.1
v8.1.0
v8.10
v8.11
v8.12
v8.13
v8.14
v8.15.0
v8.16.0
v8.17.0
v8.18.0
v8.2
v8.2.0
v8.3
v8.4
v8.5
v8.6
v8.7
v8.8
v8.9

v9.*

v9.0.0
v9.0.1
v9.1.0
v9.2.0
v9.2.1
v9.3.0
v9.4.0
v9.5.0