Unrated severityNVD Advisory· Published Feb 13, 2019· Updated Sep 16, 2024
CredHub CLI writes environment variable credentials to disk
CVE-2019-3782
Description
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.2.1
- Cloud Foundry/CredHub CLIv5Range: All
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/107038mitrevdb-entryx_refsource_BID
- www.cloudfoundry.org/blog/cve-2019-3782mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.