cvelist/2019/3xxx/CVE-2019-3780.json


2019-02-15 17:17:02 -05:00
{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-02-14T19:48:25.155Z","ID":"CVE-2019-3780","STATE":"PUBLIC","TITLE":"Cloud Foundry Container Runtime Leaks IAAS Credentials"},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Cloud Foundry Container Runtime (CFCR)","version":{"version_data":[{"affected":"<","version_name":"All","version_value":"v0.28.0"}]}}]},"vendor_name":"Cloud Foundry"},{"product":{"product_data":[{"product_name":"Pivotal Container Service (PKS)","version":{"version_data":[{"affected":"<","version_name":"1.3","version_value":"1.3.2"}]}}]},"vendor_name":"Pivotal"}]}},"description":{"description_data":[{"lang":"eng","value":"Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contain a configuration file with IAAS credentials. A malicious user with access to the K8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account.\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-260: Password in Configuration File"}]}]},"references":null,"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.0"}}}