CVE-2019-3785 - OpenCVE

Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cloudfoundry	Capi-release

Configuration 1 [-]

cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/107514
https://www.cloudfoundry.org/blog/cve-2019-3785

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2019-03-13T22:00:00Z

Updated: 2024-09-17T01:56:39.503Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3785

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-03-13T21:29:00.493

Modified: 2021-08-17T15:30:28.890

Link: CVE-2019-3785

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "CAPI", "vendor": "Cloud Foundry", "versions": [{"lessThan": "1.78.0", "status": "affected", "version": "All", "versionType": "custom"}]}], "datePublic": "2019-03-12T00:00:00", "descriptions": [{"lang": "en", "value": "Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-03-22T06:06:04", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cloudfoundry.org/blog/cve-2019-3785"}, {"name": "107514", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107514"}], "source": {"discovery": "UNKNOWN"}, "title": "Cloud Controller provides signed URL with write authorization to read only user", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2019-03-12T00:00:00.000Z", "ID": "CVE-2019-3785", "STATE": "PUBLIC", "TITLE": "Cloud Controller provides signed URL with write authorization to read only user"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CAPI", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "All", "version_value": "1.78.0"}]}}]}, "vendor_name": "Cloud Foundry"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285: Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://www.cloudfoundry.org/blog/cve-2019-3785", "refsource": "CONFIRM", "url": "https://www.cloudfoundry.org/blog/cve-2019-3785"}, {"name": "107514", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107514"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:19:18.253Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cloudfoundry.org/blog/cve-2019-3785"}, {"name": "107514", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107514"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2019-3785", "datePublished": "2019-03-13T22:00:00Z", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-09-17T01:56:39.503Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B10A48A-83CD-49C0-983E-602578B6D5FB", "versionEndExcluding": "1.78.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service."}, {"lang": "es", "value": "Cloud Foundry Cloud Controller, en versiones anteriores a la 1.78.0, contiene un endpoint con autorizaci\u00f3n incorrecta. Un usuario autenticado remoto con permisos de lectura puede solicitar informaci\u00f3n de paquetes y recibir una URL firmada \"bit-service\" que otorga al usuario permisos de escritura al bit-service."}], "id": "CVE-2019-3785", "lastModified": "2021-08-17T15:30:28.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security_alert@emc.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-13T21:29:00.493", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107514"}, {"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/blog/cve-2019-3785"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "security_alert@emc.com", "type": "Secondary"}]}