CVE-2019-3780

Summary

Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account.

Affected Software

VendorProductVersion RangeStatus
Cloud FoundryCloud Foundry Container Runtime (CFCR)All < v0.28.0affected

Weaknesses

  • CWE-260: CWE-260: Password in Configuration File

ADP Enrichment

CVE Program Container

Additional References

References