{"id":"CVE-2019-3781","details":"Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.","modified":"2026-04-10T04:18:07.267870Z","published":"2019-03-07T18:29:00.587Z","related":["SUSE-SU-2019:1220-1","SUSE-SU-2019:1220-2"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/107365"},{"type":"ADVISORY","url":"https://www.cloudfoundry.org/blog/cve-2019-3781"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/cli","events":[{"introduced":"0"},{"fixed":"815ea2f3d41a98d7a7e4e520509160ba8b355725"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.43.0"}]}}],"versions":["push","st","v0.0.1.alpha","v6.0.0","v6.0.0-beta","v6.0.0-beta2","v6.0.1234","v6.1.0","v6.1.1","v6.1.2","v6.10.0","v6.11.0","v6.11.1","v6.11.2","v6.11.3","v6.12.0","v6.12.1","v6.12.2","v6.12.3","v6.12.4","v6.13.0","v6.14.0","v6.14.1","v6.15.0","v6.16.0","v6.17.0","v6.17.1","v6.18.0","v6.18.1","v6.19.0","v6.2.0","v6.20.0","v6.21.0","v6.21.1","v6.22.1","v6.23.0","v6.23.1","v6.24.0","v6.25.0","v6.26.0","v6.27.0","v6.28.0","v6.29.0","v6.29.1","v6.29.2","v6.3.0","v6.3.1","v6.3.2","v6.30.0","v6.31.0","v6.32.0","v6.33.0","v6.33.1","v6.34.0","v6.34.1","v6.35.0","v6.35.1","v6.35.2","v6.36.0","v6.36.1","v6.37.0","v6.38.0","v6.39.0","v6.39.1","v6.4.0","v6.40.0","v6.40.1","v6.41.0","v6.42.0","v6.5.0","v6.5.1","v6.6.0","v6.6.1","v6.6.2","v6.7.0","v6.8.0","v6.9.0","v9000","v9001"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3781.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}