Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service.

Related CVEs

CVE-2019-3785

Key Information

GHSA ID

GHSA-84j7-fm4m-279g

Published

May 24, 2022 10:01 PM

Last Modified

May 24, 2022 10:01 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 8, 2025 6:34 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.