Unrated severityNVD Advisory· Published Mar 7, 2019· Updated Sep 16, 2024
CF CLI does not sanitize user's password in verbose/trace/debug
CVE-2019-3781
Description
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: <6.43.0
- osv-coords2 versionspkg:rpm/suse/cf-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20CAP%2015pkg:rpm/suse/cf-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20CAP%2015%20SP1
< 6.43.0-3.3.2+ 1 more
- (no CPE)range: < 6.43.0-3.3.2
- (no CPE)range: < 6.43.0-3.3.2
- Cloud Foundry/CF CLIv5Range: All
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/107365mitrevdb-entryx_refsource_BID
- www.cloudfoundry.org/blog/cve-2019-3781mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.