CVE-2019-3781 HIGH

CVE-2019-3781: CF CLI does not sanitize user's password in verbose/trace/debug

Vendor Cloud Foundry
Product CF CLI
Weakness CWE-215
Published March 7, 2019
Last update September 16, 2024

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.

Key dates

02Disclosure timeline

March 7, 2019 CVE published
September 16, 2024 Record updated