First published: Wed Feb 13 2019
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cloudfoundry Credhub Cli | <2.2.1 |
The vulnerability ID is CVE-2019-3782.
The severity of CVE-2019-3782 is high (7.8).
Cloud Foundry CredHub CLI is a command-line interface for managing credentials in Cloud Foundry.
Versions prior to 2.2.1 of Cloud Foundry CredHub CLI are affected.
CVE-2019-3782 allows a local authenticated malicious user to retrieve and modify credentials by accessing the CredHub CLI config file.
To fix CVE-2019-3782, update Cloud Foundry CredHub CLI to version 2.2.1 or higher.