Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests.
References
Link | Resource |
---|---|
https://pivotal.io/security/cve-2019-3793 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: dell
Published: 2019-04-16T00:00:00
Updated: 2019-04-24T15:21:10
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3793
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-04-24T16:29:02.263
Modified: 2020-10-16T17:52:37.453
Link: CVE-2019-3793
JSON object: View
Redhat Information
No data.