CVE-2019-3783

Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with the default session store secret can brute-force another user's current Stratos session and act on behalf of that user.

Published: 2019-03-07 18:29
Updated: 2019-10-09 23:49

CVSS Score: 4.0 / 10

Vendor Product Version URI
Cloudfoundry Stratos 0.9.0 cpe:/a:cloudfoundry:stratos:0.9.0
Cloudfoundry Stratos 0.9.1 cpe:/a:cloudfoundry:stratos:0.9.1
Cloudfoundry Stratos 0.9.2 cpe:/a:cloudfoundry:stratos:0.9.2
Cloudfoundry Stratos 0.9.5 cpe:/a:cloudfoundry:stratos:0.9.5
Cloudfoundry Stratos 0.9.6 cpe:/a:cloudfoundry:stratos:0.9.6
Cloudfoundry Stratos 0.9.7 cpe:/a:cloudfoundry:stratos:0.9.7
Cloudfoundry Stratos 0.9.8 cpe:/a:cloudfoundry:stratos:0.9.8
Cloudfoundry Stratos 0.9.9 cpe:/a:cloudfoundry:stratos:0.9.9
Cloudfoundry Stratos 1.0.0 cpe:/a:cloudfoundry:stratos:1.0.0
Cloudfoundry Stratos 1.0.2 cpe:/a:cloudfoundry:stratos:1.0.2
Cloudfoundry Stratos 1.1.0 cpe:/a:cloudfoundry:stratos:1.1.0
Cloudfoundry Stratos 2.0.0 cpe:/a:cloudfoundry:stratos:2.0.0:-
Cloudfoundry Stratos 2.0.0 cpe:/a:cloudfoundry:stratos:2.0.0:beta-001
Cloudfoundry Stratos 2.0.0 cpe:/a:cloudfoundry:stratos:2.0.0:beta-002
Cloudfoundry Stratos 2.0.0 cpe:/a:cloudfoundry:stratos:2.0.0:rc1
Cloudfoundry Stratos 2.0.0 cpe:/a:cloudfoundry:stratos:2.0.0:rc2
Cloudfoundry Stratos 2.0.0 cpe:/a:cloudfoundry:stratos:2.0.0:rc3
Cloudfoundry Stratos 2.0.1 cpe:/a:cloudfoundry:stratos:2.0.1
Cloudfoundry Stratos 2.1.0 cpe:/a:cloudfoundry:stratos:2.1.0
Cloudfoundry Stratos 2.1.0-3 cpe:/a:cloudfoundry:stratos:2.1.0-3
Cloudfoundry Stratos 2.1.1 cpe:/a:cloudfoundry:stratos:2.1.1
Cloudfoundry Stratos 2.1.1-1 cpe:/a:cloudfoundry:stratos:2.1.1-1
Cloudfoundry Stratos 2.1.1-2 cpe:/a:cloudfoundry:stratos:2.1.1-2
Cloudfoundry Stratos 2.1.1-3 cpe:/a:cloudfoundry:stratos:2.1.1-3
Cloudfoundry Stratos 2.1.1-4 cpe:/a:cloudfoundry:stratos:2.1.1-4
Cloudfoundry Stratos 2.1.1-5 cpe:/a:cloudfoundry:stratos:2.1.1-5
Cloudfoundry Stratos 2.1.1-6 cpe:/a:cloudfoundry:stratos:2.1.1-6
Cloudfoundry Stratos 2.1.2 cpe:/a:cloudfoundry:stratos:2.1.2
Cloudfoundry Stratos 2.2.0 cpe:/a:cloudfoundry:stratos:2.2.0
Cloudfoundry Stratos 2.2.0-3 cpe:/a:cloudfoundry:stratos:2.2.0-3
Cloudfoundry Stratos 2.2.0-4 cpe:/a:cloudfoundry:stratos:2.2.0-4
Cloudfoundry Stratos 2.2.0-5 cpe:/a:cloudfoundry:stratos:2.2.0-5

CWE

CWE-255 (Credentials Management): Weaknesses in this category are related to the management of credentials.

History of changes

Date Event
2019-10-09 23:49
2019-03-08 15:23
2019-03-07 18:29 New CVE