PT-2019-16713 · Cloud Foundry · Cloud Foundry Stratos

Publicado

2019-03-07

Atualizado

2020-10-19

CVE-2019-3783

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cloud Foundry Stratos versions prior to 2.3.0

Description The issue allows a malicious user with knowledge of the default session store secret to brute force another user's current session and act on their behalf.

Recommendations For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, consider changing the default session store secret to a unique and secure value until a patch is applied. Restrict access to sensitive operations to minimize the risk of exploitation.

Correção

Session Fixation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1188CWE-384

Identificadores relacionados

CVE-2019-3783

Produtos afetados

Cloud Foundry Stratos

PT-2019-16713 · Cloud Foundry · Cloud Foundry Stratos

CVE-2019-3783

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3