{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-02-25T00:00:00.000Z","ID":"CVE-2019-3781","STATE":"PUBLIC","TITLE":"CF CLI does not sanitize user's password in verbose/trace/debug"},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"CF CLI","version":{"version_data":[{"affected":"<","version_name":"All","version_value":"v6.43.0"}]}}]},"vendor_name":"Cloud Foundry"}]}},"description":{"description_data":[{"lang":"eng","value":"Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-215: Information Exposure Through Debug Information"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.cloudfoundry.org/blog/cve-2019-3781","url":"https://www.cloudfoundry.org/blog/cve-2019-3781"}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","version":"3.0"}}}
