CVE-2019-3782

HIGH

Cloud Foundry CredHub CLI < 2.2.1 - Insufficiently Protected Credentials via Environment Variable Exposure

Title source: llm
STIX 2.1

Description

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2019-3782
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107038

Scores

CVSS v3 7.8
EPSS 0.0036
EPSS Percentile 27.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-522
Status published
Products (1)
cloudfoundry/credhub_cli < 2.2.1
Published Feb 13, 2019
Tracked Since Feb 18, 2026