CVE-2019-3790
Summary
| CVE | CVE-2019-3790 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-06-06 19:29:00 UTC |
| Updated | 2019-10-09 23:49:00 UTC |
| Description | The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources. |
Risk And Classification
Problem Types: CWE-613
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pivotal Software | Operations Manager | All | All | All | All |
| Application | Pivotal Software | Operations Manager | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2019-3790: Ops Manager uaa client issues tokens after refresh token expiration | Security | Pivotal | CONFIRM | pivotal.io | Vendor Advisory |
| Pivotal Ops Manager CVE-2019-3790 Unauthorized Access Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.