HOMEVULNERABILITIESCVE-2019-3800
MEDIUM

CVE-2019-3800

CWE-522Published: August 5, 2019· Updated: Jun 17, 2026

6.3
CVSS v3.1

Official Description

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

NVD Source

Technical Analysis

CVE-2019-3800 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

The vulnerability has a "Changed" scope, meaning successful exploitation can impact components beyond the vulnerable component itself — such as the host operating system or adjacent services.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeChanged
Impact
ConfidentialityLow
IntegrityLow
AvailabilityLow
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Affected Vendors & Products

anynines7 product(s)
elasticsearchlogmemongodbmysqlpostgresqlrabbitmqredis
apigee1 product(s)
edge service broker
appdynamics3 product(s)
application analyticsapplication performance monitoringplatform montioring
bluemedora1 product(s)
nozzle
contrastsecurity1 product(s)
service broker
cyberark1 product(s)
conjur service broker
datadoghq1 product(s)
application monitoring
datastax1 product(s)
enterprise service broker
dynatrace1 product(s)
service broker
forgerock1 product(s)
service broker
Google1 product(s)
google cloud platform service broker
IBM1 product(s)
websphere liberty
Microsoft2 product(s)
azure log analytics nozzleazure service broker
newrelic3 product(s)
dotnet extension buildpacknozzleservice broker
pagerduty1 product(s)
service broker
pivotal18 product(s)
cloud foundry command line interfacecloud foundry command line interface releasecloud foundry deploymentcloud foundry deployment concourse taskscloud foundry log cache releasecloud foundry networking releasecloud foundry notificationscloud foundry routing releasecloud foundry smoke testapplication servicecloud foundry autoscaling releasecloud foundry event alerts+6
riverbed1 product(s)
steelcentral appinternals
samba1 product(s)
volume service
signalsciences1 product(s)
service broker
snyk1 product(s)
service broker
Source: NVD CPE · 55 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (4)

Quick Facts

CVE IDCVE-2019-3800
CVSS Score6.3 / 10
SeverityMEDIUM
WeaknessCWE-522
CISA KEVNo
Affected20 vendor(s)
PublishedAug 5, 2019

Related CVEs (CWE-522)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2019-3800 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.