CVE-2019-3782

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.

Published: 2019-02-13 16:29
Updated: 2019-10-09 23:49

CVSS Score: 2.1 / 10
Vendor Product Version URI
Cloudfoundry Credhub Cli 0.1.0 cpe:/a:cloudfoundry:credhub_cli:0.1.0
Cloudfoundry Credhub Cli 0.2.0 cpe:/a:cloudfoundry:credhub_cli:0.2.0
Cloudfoundry Credhub Cli 0.3.0 cpe:/a:cloudfoundry:credhub_cli:0.3.0
Cloudfoundry Credhub Cli 0.4.0 cpe:/a:cloudfoundry:credhub_cli:0.4.0
Cloudfoundry Credhub Cli 0.5.0 cpe:/a:cloudfoundry:credhub_cli:0.5.0
Cloudfoundry Credhub Cli 0.5.1 cpe:/a:cloudfoundry:credhub_cli:0.5.1
Cloudfoundry Credhub Cli 0.6.0 cpe:/a:cloudfoundry:credhub_cli:0.6.0
Cloudfoundry Credhub Cli 0.7.0 cpe:/a:cloudfoundry:credhub_cli:0.7.0
Cloudfoundry Credhub Cli 0.8.0 cpe:/a:cloudfoundry:credhub_cli:0.8.0
Cloudfoundry Credhub Cli 1.0.0 cpe:/a:cloudfoundry:credhub_cli:1.0.0
Cloudfoundry Credhub Cli 1.1.0 cpe:/a:cloudfoundry:credhub_cli:1.1.0
Cloudfoundry Credhub Cli 1.2.0 cpe:/a:cloudfoundry:credhub_cli:1.2.0
Cloudfoundry Credhub Cli 1.3.0 cpe:/a:cloudfoundry:credhub_cli:1.3.0
Cloudfoundry Credhub Cli 1.4.0 cpe:/a:cloudfoundry:credhub_cli:1.4.0
Cloudfoundry Credhub Cli 1.4.1 cpe:/a:cloudfoundry:credhub_cli:1.4.1
Cloudfoundry Credhub Cli 1.5.0 cpe:/a:cloudfoundry:credhub_cli:1.5.0
Cloudfoundry Credhub Cli 1.5.1 cpe:/a:cloudfoundry:credhub_cli:1.5.1
Cloudfoundry Credhub Cli 1.5.2 cpe:/a:cloudfoundry:credhub_cli:1.5.2
Cloudfoundry Credhub Cli 1.5.3 cpe:/a:cloudfoundry:credhub_cli:1.5.3
Cloudfoundry Credhub Cli 1.6.0 cpe:/a:cloudfoundry:credhub_cli:1.6.0
Cloudfoundry Credhub Cli 1.7 cpe:/a:cloudfoundry:credhub_cli:1.7
Cloudfoundry Credhub Cli 1.7.0 cpe:/a:cloudfoundry:credhub_cli:1.7.0
Cloudfoundry Credhub Cli 1.7.1 cpe:/a:cloudfoundry:credhub_cli:1.7.1
Cloudfoundry Credhub Cli 1.7.3 cpe:/a:cloudfoundry:credhub_cli:1.7.3
Cloudfoundry Credhub Cli 1.7.4 cpe:/a:cloudfoundry:credhub_cli:1.7.4
Cloudfoundry Credhub Cli 1.7.5 cpe:/a:cloudfoundry:credhub_cli:1.7.5
Cloudfoundry Credhub Cli 1.7.6 cpe:/a:cloudfoundry:credhub_cli:1.7.6
Cloudfoundry Credhub Cli 2.0.0 cpe:/a:cloudfoundry:credhub_cli:2.0.0
Cloudfoundry Credhub Cli 2.0.1 cpe:/a:cloudfoundry:credhub_cli:2.0.1
Cloudfoundry Credhub Cli 2.1.0 cpe:/a:cloudfoundry:credhub_cli:2.1.0
Cloudfoundry Credhub Cli 2.2.0 cpe:/a:cloudfoundry:credhub_cli:2.2.0

CWE

ID Name Description Links
CWE-255 Credentials Management Weaknesses in this category are related to the management of credentials. CVE

History of changes

Date Event
2019-10-09 23:49
2019-03-07 14:43
2019-02-16 11:29
2019-02-15 19:18
2019-02-13 16:29 New CVE