Vulnerability Details CVE-2019-3783
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with the default session store secret can brute-force another user's current Stratos session and act on behalf of that user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.1%
CVSS Severity
CVSS v3 Score 8.7
CVSS v2 Score 4.0
Products affected by CVE-2019-3783
- cpe:2.3:a:cloudfoundry:stratos:0.9.0
- cpe:2.3:a:cloudfoundry:stratos:0.9.1
- cpe:2.3:a:cloudfoundry:stratos:0.9.2
- cpe:2.3:a:cloudfoundry:stratos:0.9.5
- cpe:2.3:a:cloudfoundry:stratos:0.9.6
- cpe:2.3:a:cloudfoundry:stratos:0.9.7
- cpe:2.3:a:cloudfoundry:stratos:0.9.8
- cpe:2.3:a:cloudfoundry:stratos:0.9.9
- cpe:2.3:a:cloudfoundry:stratos:1.0.0
- cpe:2.3:a:cloudfoundry:stratos:1.0.2
- cpe:2.3:a:cloudfoundry:stratos:1.1.0
- cpe:2.3:a:cloudfoundry:stratos:2.0.0
- cpe:2.3:a:cloudfoundry:stratos:2.0.1
- cpe:2.3:a:cloudfoundry:stratos:2.1.0
- cpe:2.3:a:cloudfoundry:stratos:2.1.0-3
- cpe:2.3:a:cloudfoundry:stratos:2.1.1
- cpe:2.3:a:cloudfoundry:stratos:2.1.1-1
- cpe:2.3:a:cloudfoundry:stratos:2.1.1-2
- cpe:2.3:a:cloudfoundry:stratos:2.1.1-3
- cpe:2.3:a:cloudfoundry:stratos:2.1.1-4
- cpe:2.3:a:cloudfoundry:stratos:2.1.1-5
- cpe:2.3:a:cloudfoundry:stratos:2.1.1-6
- cpe:2.3:a:cloudfoundry:stratos:2.1.2
- cpe:2.3:a:cloudfoundry:stratos:2.2.0
- cpe:2.3:a:cloudfoundry:stratos:2.2.0-3
- cpe:2.3:a:cloudfoundry:stratos:2.2.0-4
- cpe:2.3:a:cloudfoundry:stratos:2.2.0-5