Cloud Foundry Container Runtime Leaks IAAS Credentials
CVE-2019-3780

9.1CRITICAL

Key Information:

Vendor: Cloud Foundry
Status: Cloud Foundry Container Runtime (cfcr)
Vendor: CVE Published:; 8 March 2019

🔔 Create Cloud Foundry Vulnerability Alert

What is CVE-2019-3780?

Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account.

Affected Version(s)

Cloud Foundry Container Runtime (CFCR) All

References

https://www.cloudfoundry.org/blog/cve-2019-3780

x_refsource_CONFIRM

http://www.securityfocus.com/bid/107434

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

CVSS V3.0

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 8, 2019
Vulnerability Reserved
Jan 3, 2019

CVE-2019-3780 Data

JSON