CVE-2019-3785
6.5
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cloud Foundry | CAPI | All < 1.78.0 | affected |
Weaknesses
- CWE-285: CWE-285: Improper Authorization
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.