Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/107514 | Third Party Advisory VDB Entry |
https://www.cloudfoundry.org/blog/cve-2019-3785 | Vendor Advisory |
Configurations
History
17 Aug 2021, 15:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:* |
Information
Published : 2019-03-13 21:29
Updated : 2024-02-04 20:20
NVD link : CVE-2019-3785
Mitre link : CVE-2019-3785
CVE.ORG link : CVE-2019-3785
JSON object : View
Products Affected
cloudfoundry
- capi-release