CVE-2019-3785
HIGH
Cloudfoundry Capi-release < 1.78.0 - Improper Authorization
Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2019-3785
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107514
Scores
CVSS v3: 8.1
EPSS: 0.0129
EPSS Percentile: 66.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Details
CWE: CWE-269, CWE-285
Status: published
Products (1): cloudfoundry/capi-release < 1.78.0
Published: Mar 13, 2019
Tracked Since: Feb 18, 2026