anynines elasticsearch CVE-2019-3800 vulnerability in Anynines and Other Products
Published on August 5, 2019

CF CLI writes the client id and secret to config file

product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo product logo
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

NVD

Weakness Type

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.


Products Associated with CVE-2019-3800

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-3800 are published in these products:

Anynines Elasticsearch
 
Anynines Logme
 
Anynines Mongodb
 
Anynines Mysql
 
Anynines Postgresql
 
Anynines Rabbitmq
 
Anynines Redis
 
Apigee Edge Service Broker
 
AppDynamics Application Analytics
 
AppDynamics Application Performance Monitoring
 
AppDynamics Platform Montioring
 
Bluemedora Nozzle
 
Contrastsecurity Service Broker
 
CyberArk Conjur Service Broker
 
Datadoghq Application Monitoring
 
Datastax Enterprise Service Broker
 
Dynatrace Service Broker
 
Forgerock Service Broker
 
Google Cloud Platform Service Broker
 
IBM Websphere Liberty
 
Microsoft Azure Log Analytics Nozzle
 
Microsoft Azure Service Broker
 
Newrelic Dotnet Extension Buildpack
 
Newrelic Nozzle
 
Newrelic Service Broker
 
Pagerduty Service Broker
 
Pivotal Application Service
 
Pivotal Cloud Foundry Autoscaling Release
 
Pivotal Cloud Foundry Command Line Interface
 
Pivotal Cloud Foundry Command Line Interface Release
 
Pivotal Cloud Foundry Deployment
 
Pivotal Cloud Foundry Deployment Concourse Tasks
 
Pivotal Cloud Foundry Event Alerts
 
Pivotal Cloud Foundry Healthwatch
 
Pivotal Cloud Foundry Log Cache Release
 
Pivotal Cloud Foundry Networking Release
 
Pivotal Cloud Foundry Notifications
 
Pivotal Cloud Foundry Routing Release
 
Pivotal Cloud Foundry Smoke Test
 
Pivotal Credhub Service Broker For Pcf
 
Pivotal Metric Registrar Release
 
Pivotal On Demand Service Broker
 
Pivotal Cloud Foundry Service Broker
 
Pivotal Single Sign On
 
Riverbed Steelcentral Appinternals
 
Samba Volume Service
 
Signalsciences Service Broker
 
Snyk Service Broker
 
Solace Pubsub
 
Splunk Nozzle
 
Sumologic Nozzle
 
Synopsys Seeker Iast Service Broker
 
Tibco Businessworks Buildpack
 
Wavefront By Vmware Nozzle
 
Yugabyte Db Enterprise
 

Affected Versions

Cloud Foundry CF CLI Release: Cloud Foundry CF CLI:

Exploit Probability

EPSS
0.21%
Percentile
42.48%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.