Command Line Interface
CVE-2019-3781
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.
AnalysisAI
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-215. Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password. Affected products include: Cloudfoundry Command Line Interface.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Command Line Interface
View allAn issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appw
Docker CLI is the command line interface for the docker container runtime. Rated high severity (CVSS 7.5), this vulnerab
Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious
An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to cre
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today