VYPR

CF CLI

by Cloudfoundry

CVEs (2)

  • CVE-2019-3800Aug 5, 2019
    risk 0.00cvss epss 0.02

    CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is…

  • CVE-2019-3781Mar 7, 2019
    risk 0.00cvss epss 0.01

    Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.