Is CVE-2019-3782 actively exploited?

CVE-2019-3782 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2019-3782?

CVE-2019-3782 has a CVSS score of 7.8 (HIGH severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2019-3782?

Patch guidance is available from cloudfoundry security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-3782.

Which products are affected by CVE-2019-3782?

1 product: cloudfoundry credhub cli.

Fix CVE-2019-3782 - HIGH cloudfoundry credhub cli

Description

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-522 · Insufficiently Protected Credentials CWE-522 · Insufficiently Protected Credentials

Metadata

Primary Vendor: CLOUDFOUNDRY
Published: 2/13/2019
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2019-3782

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary