CVE-2019-3780
HIGHCloud Foundry Container Runtime < 0.28.0 - Unprotected IAAS Credential Exposure in K8s Worker Node Configuration
Title source: llmDescription
Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2019-3780
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107434
Scores
CVSS v3
8.8
EPSS
0.0146
EPSS Percentile
70.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-260
CWE-522
Status
published
Products (1)
cloudfoundry/container_runtime
< 0.28.0
Published
Mar 08, 2019
Tracked Since
Feb 18, 2026