CVE-2019-3793 Information

Description

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, and versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://pivotal.io/security/cve-2019-3793

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

HIGH
