CVE-2019-3783

Published: 2019-03-07T18:29Z

Last Modified: 2024-11-21T04:42Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt