Vulnerabilities (CVE)

Filtered by vendor Cloudfoundry Subscribe
Filtered by product Stratos
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-3784 1 Cloudfoundry 1 Stratos 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.
CVE-2019-3783 1 Cloudfoundry 1 Stratos 2024-02-28 4.0 MEDIUM 8.8 HIGH
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user.