CVE-2019-3800
medium
ForgeRock CVSS v3 Base Score
6.3
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
Low
Integrity
Low
Availability
Low
Published: August 5, 2019 (2474 days ago)
Last Modified: November 21, 2024
Vendor: ForgeRock
Source: NVD
Vulnerability Report
Generated by CyberWatcher
Description
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.