Unrated severity · NVD Advisory · Published Aug 5, 2019 · Updated Sep 17, 2024

CF CLI writes the client id and secret to config file

CVE-2019-3800

Description

CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

Affected products

3
  • Range: <6.45.0
  • Cloud Foundry/CF CLI
    Range: versions prior to v6.45.0
  • Cloud Foundry/CF CLI Release
    Range: v1.x before v1.16.0
