CVE-2019-3783

Summary

Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user.

Affected Software

VendorProductVersion RangeStatus
Cloud FoundryStratosAll < 2.3.0affected

Weaknesses

  • CWE-384: CWE-384: Session Fixation

ADP Enrichment

CVE Program Container

Additional References

References