CVE-2019-3781

Summary

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.

Affected Software

VendorProductVersion RangeStatus
Cloud FoundryCF CLIAll < v6.43.0affected

Weaknesses

  • CWE-215: CWE-215: Information Exposure Through Debug Information

ADP Enrichment

CVE Program Container

Additional References

References