Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.cloudfoundry.org/blog/cve-2019-3784 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: dell
Published: 2019-03-07T19:00:00Z
Updated: 2024-09-16T18:56:08.918Z
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3784
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-03-07T18:29:00.663
Modified: 2024-11-21T04:42:32.183
Link: CVE-2019-3784
Redhat
No data.