PT-2019-16713 · Cloud Foundry · Cloud Foundry Stratos

Published

2019-03-07

Updated

2020-10-19

CVE-2019-3783

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cloud Foundry Stratos versions prior to 2.3.0

Description The issue allows a malicious user with knowledge of the default session store secret to brute force another user's current session and act on their behalf.

Recommendations For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, consider changing the default session store secret to a unique and secure value until a patch is applied. Restrict access to sensitive operations to minimize the risk of exploitation.

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1188CWE-384

Related Identifiers

CVE-2019-3783

Affected Products

Cloud Foundry Stratos

PT-2019-16713 · Cloud Foundry · Cloud Foundry Stratos

CVE-2019-3783

Weakness Enumeration

Related Identifiers

Affected Products

References · 3