Unrated severityNVD Advisory· Published Jun 6, 2019· Updated Sep 16, 2024
Ops Manager uaa client issues tokens after refresh token expiration
CVE-2019-3790
Description
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.
Affected products
2- Range: >=2.2.0, <2.2.23 || >=2.3.0, <2.3.16 || >=2.4.0, <2.4.11 || >=2.5.0, <2.5.3
- Range: 2.3
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/108512mitrevdb-entryx_refsource_BID
- pivotal.io/security/cve-2019-3790mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.