CVE-2019-3782
Summary
| CVE | CVE-2019-3782 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-02-13 16:29:00 UTC |
| Updated | 2020-10-19 17:49:00 UTC |
| Description | Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user. |
Risk And Classification
Problem Types: CWE-522
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cloudfoundry | Credhub Cli | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2019-3782: CredHub CLI writes environment variable credentials to disk \| Cloud Foundry | CONFIRM | www.cloudfoundry.org | Vendor Advisory |
| Cloud Foundry CredHub CLI CVE-2019-3782 Arbitrary File Write Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.