First published: Tue Mar 12 2019(Updated: )
Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cloudfoundry Capi-release | <1.78.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-3785 is a vulnerability in Cloud Foundry Cloud Controller versions prior to 1.78.0 that allows a remote authenticated malicious user to gain unauthorized write permissions.
CVE-2019-3785 has a severity rating of 8.1, which is considered high.
The affected software is Cloud Foundry Cloud Controller versions prior to 1.78.0.
A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants write permissions to the bit-service.
Yes, you can find more information about CVE-2019-3785 at the following references: [SecurityFocus](http://www.securityfocus.com/bid/107514) and [Cloud Foundry Blog](https://www.cloudfoundry.org/blog/cve-2019-3785).