CVE-2019-3780

Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account.
References
Link Resource
https://www.cloudfoundry.org/blog/cve-2019-3780 Vendor Advisory
http://www.securityfocus.com/bid/107434 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:cloudfoundry:container_runtime:*:*:*:*:*:*:*:*

Information

Published : 2019-03-08 04:29

Updated : 2020-10-19 05:56


NVD link : CVE-2019-3780

Mitre link : CVE-2019-3780

Products Affected
No products.
CWE