← voltar
CVE-2019-3781

CF CLI does not sanitize user's password in verbose/trace/debug

CVSS 8.2 HIGHEPSS 1.3%CWE-215
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Produtos afetados
Cloud Foundry · CF CLI

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.cloudfoundry.org/blog/cve-2019-3781http://www.securityfocus.com/bid/107365