{"id":"CVE-2019-3780","details":"Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account.","modified":"2026-04-10T04:18:39.441389Z","published":"2019-03-08T16:29:00.287Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/107434"},{"type":"ADVISORY","url":"https://www.cloudfoundry.org/blog/cve-2019-3780"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry-incubator/kubo-release","events":[{"introduced":"0"},{"fixed":"4adf918a07584a19e73fdcf51bfccc11d977f307"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.28.0"}]}}],"versions":["0.7.0","v0.0.1","v0.0.2","v0.0.3","v0.0.4","v0.0.5","v0.10.0","v0.11.0","v0.11.1","v0.12.0","v0.13.0","v0.14.0","v0.15.0","v0.17.0-alpha.0","v0.17.0-alpha.1","v0.17.0-alpha.2","v0.17.0-alpha.4","v0.17.0-alpha.5","v0.17.0-alpha.6","v0.17.0-alpha.7","v0.17.1","v0.17.2","v0.17.3","v0.17.4","v0.18.0","v0.18.0-alpha","v0.18.0-alpha.3","v0.18.1","v0.19.0","v0.20.0","v0.20.1","v0.21.0","v0.22.0","v0.23.0","v0.24.0-alpha.1","v0.25.0","v0.25.1","v0.25.3","v0.26.0","v0.27.0","v0.6.0","v0.7.0","v0.8.0","v0.8.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3780.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}