{"id":"CVE-2019-3800","details":"CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.","modified":"2026-07-01T11:53:27.153082449Z","published":"2019-08-05T17:15:10.960Z","database_specific":{"unresolved_ranges":[{"vendor_product":"anynines:elasticsearch","extracted_events":[{"fixed":"2.1.2"}],"cpes":["cpe:2.3:a:anynines:elasticsearch:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"anynines:logme","extracted_events":[{"fixed":"2.1.2"}],"cpes":["cpe:2.3:a:anynines:logme:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"2.1.2"}],"vendor_product":"anynines:mongodb","cpes":["cpe:2.3:a:anynines:mongodb:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"anynines:mysql","extracted_events":[{"fixed":"2.1.2"}],"cpes":["cpe:2.3:a:anynines:mysql:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"2.1.2"}],"vendor_product":"anynines:postgresql","cpes":["cpe:2.3:a:anynines:postgresql:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"2.1.2"}],"vendor_product":"anynines:rabbitmq","cpes":["cpe:2.3:a:anynines:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"anynines:redis","extracted_events":[{"fixed":"2.1.2"}],"cpes":["cpe:2.3:a:anynines:redis:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"apigee:edge_service_broker","extracted_events":[{"fixed":"3.1.3"}],"cpes":["cpe:2.3:a:apigee:edge_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"4.7.652"}],"vendor_product":"appdynamics:application_analytics","cpes":["cpe:2.3:a:appdynamics:application_analytics:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"4.6.64"}],"vendor_product":"appdynamics:application_performance_monitoring","cpes":["cpe:2.3:a:appdynamics:application_performance_monitoring:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"appdynamics:platform_montioring","extracted_events":[{"fixed":"4.7.712"}],"cpes":["cpe:2.3:a:appdynamics:platform_montioring:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"3.1.1"}],"vendor_product":"bluemedora:nozzle","cpes":["cpe:2.3:a:bluemedora:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"cyberark:conjur_service_broker","extracted_events":[{"fixed":"1.1.1"}],"cpes":["cpe:2.3:a:cyberark:conjur_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"datastax:enterprise_service_broker","extracted_events":[{"fixed":"1.0.2"}],"cpes":["cpe:2.3:a:datastax:enterprise_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"dynatrace:service_broker","extracted_events":[{"fixed":"1.4.2"}],"cpes":["cpe:2.3:a:dynatrace:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"forgerock:service_broker","extracted_events":[{"fixed":"2.1.2"}],"cpes":["cpe:2.3:a:forgerock:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"4.2.3"}],"vendor_product":"google:google_cloud_platform_service_broker","cpes":["cpe:2.3:a:google:google_cloud_platform_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"ibm:websphere_liberty_","extracted_events":[{"fixed":"3.11.0"}],"cpes":["cpe:2.3:a:ibm:websphere_liberty_:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"microsoft:azure_log_analytics_nozzle","extracted_events":[{"fixed":"1.4.1"}],"cpes":["cpe:2.3:a:microsoft:azure_log_analytics_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"1.4.1"}],"vendor_product":"microsoft:azure_service_broker","cpes":["cpe:2.3:a:microsoft:azure_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"newrelic:dotnet_extension_buildpack","extracted_events":[{"fixed":"1.1.1"}],"cpes":["cpe:2.3:a:newrelic:dotnet_extension_buildpack:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"newrelic:nozzle","extracted_events":[{"fixed":"1.1.17"}],"cpes":["cpe:2.3:a:newrelic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"newrelic:service_broker","extracted_events":[{"fixed":"1.12.64"}],"cpes":["cpe:2.3:a:newrelic:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"pagerduty:service_broker","extracted_events":[{"fixed":"1.2.4"}],"cpes":["cpe:2.3:a:pagerduty:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"pivotal:application_service","extracted_events":[{"introduced":"2.3.0"},{"fixed":"2.3.14"},{"introduced":"2.4.0"},{"fixed":"2.4.10"},{"introduced":"2.5.0"},{"fixed":"2.5.6"}],"cpes":["cpe:2.3:a:pivotal:application_service:*:*:*:*:*:*:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"219"}],"vendor_product":"pivotal:cloud_foundry_autoscaling_release","cpes":["cpe:2.3:a:pivotal:cloud_foundry_autoscaling_release:*:*:*:*:*:*:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"1.16.0"}],"vendor_product":"pivotal:cloud_foundry_command_line_interface_release","cpes":["cpe:2.3:a:pivotal:cloud_foundry_command_line_interface_release:*:*:*:*:*:*:*:*"],"source":"CPE_RANGE"},{"vendor_product":"pivotal:cloud_foundry_event_alerts","extracted_events":[{"fixed":"1.2.8"}],"cpes":["cpe:2.3:a:pivotal:cloud_foundry_event_alerts:*:*:*:*:*:*:*:*"],"source":"CPE_RANGE"},{"vendor_product":"pivotal:cloud_foundry_healthwatch","extracted_events":[{"introduced":"1.4.0"},{"fixed":"1.4.7"},{"introduced":"1.5.0"},{"fixed":"1.5.4"}],"cpes":["cpe:2.3:a:pivotal:cloud_foundry_healthwatch:*:*:*:*:*:*:*:*"],"source":"CPE_RANGE"},{"vendor_product":"pivotal:cloud_foundry_notifications","extracted_events":[{"fixed":"58"}],"cpes":["cpe:2.3:a:pivotal:cloud_foundry_notifications:*:*:*:*:*:*:*:*"],"source":"CPE_RANGE"},{"vendor_product":"pivotal:cloud_foundry_smoke_test","extracted_events":[{"fixed":"40.0.113"}],"cpes":["cpe:2.3:a:pivotal:cloud_foundry_smoke_test:*:*:*:*:*:*:*:*"],"source":"CPE_RANGE"},{"vendor_product":"pivotal:credhub_service_broker_for_pcf","extracted_events":[{"fixed":"1.3.2"}],"cpes":["cpe:2.3:a:pivotal:credhub_service_broker_for_pcf:*:*:*:*:*:*:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"1.2"}],"vendor_product":"pivotal:metric_registrar_release","cpes":["cpe:2.3:a:pivotal:metric_registrar_release:*:*:*:*:*:*:*:*"],"source":"CPE_RANGE"},{"vendor_product":"pivotal:pivotal_cloud_foundry_service_broker","extracted_events":[{"fixed":"1.4.13"}],"cpes":["cpe:2.3:a:pivotal:pivotal_cloud_foundry_service_broker:*:*:*:*:*:aws:*:*"],"source":"CPE_RANGE"},{"vendor_product":"pivotal:single_sign-on","extracted_events":[{"introduced":"1.7.0"},{"fixed":"1.7.5"},{"introduced":"1.8.0"},{"fixed":"1.8.4"},{"introduced":"1.9.0"},{"fixed":"1.9.1"}],"cpes":["cpe:2.3:a:pivotal:single_sign-on:*:*:*:*:*:cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"riverbed:steelcentral_appinternals","extracted_events":[{"fixed":"10.21.1-bl516"}],"cpes":["cpe:2.3:a:riverbed:steelcentral_appinternals:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"1.1.1"}],"vendor_product":"samba:volume_service","cpes":["cpe:2.3:a:samba:volume_service:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"snyk:service_broker","extracted_events":[{"fixed":"1.0.3"}],"cpes":["cpe:2.3:a:snyk:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"solace:pubsub+","extracted_events":[{"fixed":"2.3.2"}],"cpes":["cpe:2.3:a:solace:pubsub\\+:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"splunk:nozzle","extracted_events":[{"fixed":"1.1.1"}],"cpes":["cpe:2.3:a:splunk:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"1.0.1"}],"vendor_product":"sumologic:nozzle","cpes":["cpe:2.3:a:sumologic:nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"1.2.14"}],"vendor_product":"synopsys:seeker_iast_service_broker","cpes":["cpe:2.3:a:synopsys:seeker_iast_service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"2.4.4"}],"vendor_product":"tibco:businessworks_buildpack","cpes":["cpe:2.3:a:tibco:businessworks_buildpack:*:*:*:*:container:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"extracted_events":[{"fixed":"1.0.2"}],"vendor_product":"wavefront:wavefront_by_vmware_nozzle","cpes":["cpe:2.3:a:wavefront:wavefront_by_vmware_nozzle:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"},{"vendor_product":"yugabyte:db_enterprise","extracted_events":[{"fixed":"1.1.8"}],"cpes":["cpe:2.3:a:yugabyte:db_enterprise:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"source":"CPE_RANGE"}]},"references":[{"type":"ADVISORY","url":"https://pivotal.io/security/cve-2019-3800"},{"type":"ADVISORY","url":"https://www.cloudfoundry.org/blog/cve-2019-3800"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/bosh-package-cf-cli-release","events":[{"introduced":"0"},{"fixed":"c8d31766bffd9f41b2a2a6a0847a53a4cd9a3d02"},{"fixed":"35caa229ead3dc8dceba1dcc22a38b772344539e"},{"fixed":"70220234548fe75c4d4e2ff138f4552c00e66b16"}],"database_specific":{"cpe":["cpe:2.3:a:contrastsecurity:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*","cpe:2.3:a:datadoghq:application_monitoring:*:*:*:*:*:pivotal_cloud_foundry:*:*","cpe:2.3:a:signalsciences:service_broker:*:*:*:*:*:pivotal_cloud_foundry:*:*"],"extracted_events":[{"introduced":"0"},{"fixed":"2.2.0"},{"fixed":"1.7.0"},{"fixed":"1.1.0"}],"source":"CPE_RANGE"}}],"versions":["v2.1.0","v2.0.0","v1.69.0","v1.68.0","v1.67.0","v1.66.0","v1.65.0","v1.64.0","1.63.0","1.62.0","1.61.0","1.60.0","v1.59.0","1.59.0","1.57.0","v1.56.0","1.56.0","1.54.0","v1.53.0","1.53.0","1.51.0","v1.50.0","1.50.0","v1.49.0","1.49.0","1.48.0","v1.47.0","1.47.0","v1.45.0","1.45.0","v1.44.0","v1.43.0","v1.41.0","1.41.0","1.40.0","v1.38.0","v1.36.0","v1.35.0","v1.33.0","v1.32.0","v1.31.0","v1.30.0","1.3","v1.29.0","v1.28.0","v1.27.0","v1.26.0","v1.25.0","v1.24.0","v1.23.0","v1.22.0","v1.21.0","v1.20.0","v1.19.0","v1.18.0","v1.17.0","v1.16.0","v1.15.0","v1.14.0","v1.13.0","v1.12.0","v1.11.0","v1.10.0","v1.8.0","v1.7.0","v1.6.0","v1.5.0","v1.4.0","v1.3.0","v1.1.0","v1.0.0","v0.4.0","v0.3.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3800.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/cf-deployment","events":[{"introduced":"0"},{"fixed":"98c1d5af66e2d316711bf8a4cab0d44f88c61fa3"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"10.0.0"}],"cpe":"cpe:2.3:a:pivotal:cloud_foundry_deployment:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["v7.9.0","v7.8.0","v7.6.0","v7.5.0","v7.4.0","v7.3.0","v7.2.0","v7.1.0","v7.0.0","v6.10.0","v6.9.0","v6.8.0","v6.7.0","v6.6.0","v6.5.0","v6.4.0","v6.3.0","v6.2.0","v6.1.0","v6.0.0","v5.5.0","v5.4.0","v5.3.0","v5.1.0","v5.0.0","v4.5.0","v4.4.0","v4.3.0","v4.2.0","v4.1.0","v4.0.0","v3.6.0","v3.5.0","v3.4.0","v3.3.0","v3.2.0","v3.1.0","v3.0.0","v2.5.0","v2.4.0","v2.3.0","v2.2.0","v2.1.0","v2.0.0","v1.38.0","v1.37.0","v1.36.0","v1.35.0","v1.34.0","v1.33.0","v1.32.0","v1.31.0","v1.30.0","v1.29.0","v1.28.0","v1.27.0","v1.26.0","v1.25.0","v1.24.0","v1.23.0","v1.22.0","v1.21.0","v1.20.0","v1.19.0","v1.18.0","v1.16.0","v1.17.0","v1.15.0","v1.14.0","v1.13.0","v1.12.0","v1.11.0","v1.10.0","v1.9.0","v1.8.0","v1.7.0","v1.6.0","v1.5.0","v1.4.0","v1.3.0","v1.2.0","v1.1.0","v0.37.0","v1.0.0","v0.36.0","v0.35.0","v0.34.0","v0.33.0","v0.32.0","v0.31.0","v0.30.0","v0.28.0","v0.29.0","v0.15.0","v0.13.0","v0.14.0","v0.12.0","v0.11.0","v0.10.0","v0.9.1","v0.9.0","v0.8.0","v0.3.0","v0.7.0","v0.5.0","v0.2.1","v0.2.2","v0.2.0","v0.1.0","v0.0.2","v0.0.1","v0.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3800.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/cf-deployment-concourse-tasks","events":[{"introduced":"0"},{"fixed":"1977784f71a6cd3e5fa75a95175a277440ca177a"}],"database_specific":{"cpe":"cpe:2.3:a:pivotal:cloud_foundry_deployment_concourse_tasks:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"9.3.0"}],"source":"CPE_RANGE"}}],"versions":["v9.2.0","v9.1.0","v9.0.0","v8.18.0","v8.17.0","v8.16.0","v8.15.0","v8.14","v8.13","v8.12","8.12","v8.11","v8.10","v8.9","v8.8","v8.7","v8.6","v8.5","v8.4","v8.3","v8.2","v8.1","v8.0","v7.16","v7.15","v7.14","v7.13","v7.12","v7.11","v7.10","v7.9","v7.8","v7.7","v7.6","v7.5","v7.4","v7.3","v7.2","v7.1","v7.0","v6.14","v6.13","v6.12","v6.11","v6.10","v6.9","v6.8","v6.7","v6.6","v6.5","v6.4","v6.3","v6.2","v6.1","v6.0","v5.7","v5.6","v5.5","v5.4","v5.3","v5.2","v5.1","v5.0","v4.21","v4.20","v4.19","v4.18","v4.17","v4.16","v4.15","v4.14","v4.13","v4.12","v4.11","4.11","v4.10","v4.9","v4.8","v4.7","v4.6","v4.5","v4.4","v4.3","v4.2","v4.1","v4.0","v3.17","v3.16","v3.15","v3.14","v3.13","v3.12","v3.11","v3.10","v3.9","v3.8","v3.7","v3.6","v3.5","v3.4","v3.3","v3.2","v3.1","v3.0","v2.2","v2.1","v2.0","v1.6","v1.5","v1.4","v1.3","v1.2","v1.1","v1.0","v0.3","v0.2","v0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3800.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/cf-networking-release","events":[{"introduced":"0"},{"fixed":"12f0f71df65ae17c1d29f7171d4822df95302058"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2.23.0"}],"cpe":"cpe:2.3:a:pivotal:cloud_foundry_networking_release:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["2.22.0","2.21.0","2.18.0","v1.10.0","1.10.0","v1.8.1","1.8.1","v1.6.0","1.6.0","v1.4.0","1.4.0","v1.7.0","1.7.0","v1.5.0","1.5.0","v1.3.4","1.3.4","v0.24.0","0.24.0","v0.21.0","0.21.0","v0.20.0","0.20.0","v0.17.0","0.17.0","v0.15.0","0.15.0","v0.13.0","0.13.0","v0.12.0","0.12.0","v0.8.0","0.8.0","v0.5.0","0.5.0","v0.2.0","v0.1.0","0.2.1","0.2.0","0.1.1","0.1.0","v0.0.3-cli","0.0.3-cli","v0.0.2-cli","0.0.2-cli","v0.0.1-cli","0.0.1-cli"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3800.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/cli","events":[{"introduced":"0"},{"fixed":"5f9ff16f99a0345f98f147765db0e36aef91c795"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"6.45.0"}],"cpe":"cpe:2.3:a:pivotal:cloud_foundry_command_line_interface:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["v6.44.1","v6.44.0","v6.43.1-1","v6.43.0","v6.42.0","v6.41.0","v6.40.1","v6.40.0","v6.39.1","v6.39.0","v6.38.0","v6.37.0","v6.36.1","v6.36.0","v6.35.2","v6.35.1","v6.35.0","push","v6.34.1","v6.34.0","v6.33.1","v6.33.0","st","v6.32.0","v6.31.0","v6.30.0","v6.29.2","v6.29.1","v6.29.0","v6.28.0","v6.27.0","v6.26.0","v6.25.0","v6.24.0","v6.23.1","v6.23.0","v6.22.1","v6.21.1","v6.21.0","v6.20.0","v6.19.0","v6.18.1","v6.18.0","v6.17.1","v6.17.0","v6.16.0","v6.15.0","v6.14.1","v6.14.0","v6.13.0","v6.12.4","v6.12.3","v6.12.2","v6.12.1","v6.12.0","v6.11.3","v6.11.2","v6.11.1","v6.11.0","v6.10.0","v6.9.0","v6.8.0","v6.7.0","v6.6.2","v6.6.1","v6.6.0","v6.5.1","v6.5.0","v6.4.0","v6.3.2","v6.3.1","v6.3.0","v6.2.0","v6.1.2","v6.1.1","v6.1.0","v9001","v9000","v6.0.1234","v6.0.0","v6.0.0-beta2","v6.0.0-beta","v0.0.1.alpha"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3800.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/log-cache-release","events":[{"introduced":"0"},{"fixed":"809710fa4a787e876fd5106e365931c0be158d25"}],"database_specific":{"cpe":"cpe:2.3:a:pivotal:cloud_foundry_log_cache_release:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.3.1"}],"source":"CPE_RANGE"}}],"versions":["v2.0.1","v1.3.0","v1.4.4","v1.4.2","v1.4.1","v1.4.0","v1.1.1","v1.0.0","v0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3800.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/routing-release","events":[{"introduced":"0"},{"fixed":"07fdc7dd37d538f5f4616b72ea51ccf329d0d02d"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"0.189.0"}],"cpe":"cpe:2.3:a:pivotal:cloud_foundry_routing_release:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["0.187.0","0.186.0","0.184.0","0.183.0","0.180.0","0.179.0","0.178.0","0.176.0","0.175.0","0.174.0","0.173.0","0.172.0","0.171.0","0.166.0","0.162.0","0.160.0","0.157.0","0.154.0","0.147.0","0.142.0","0.137.0","0.136.0","0.134.0","0.123.0","0.121.0","0.118.0","0.99.0","0.69.0","0.66.0","0.62.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3800.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/pivotal-cf/on-demand-service-broker","events":[{"introduced":"0"},{"fixed":"ead0838db6ca2110f7c23fd31c5764151ee2b6fd"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"0.29.0"}],"cpe":"cpe:2.3:a:pivotal:on_demand_service_broker:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["v0.28.0","v0.27.0","v0.26.1","v0.26.0","v0.25.0","v0.24.0","v0.23.0","v0.22.0","v0.22.0-alpha2","v0.22.0-alpha.1","v0.21.2","v0.21.1","v0.21.0","v0.21.0-alpha.2","v0.20.0","v0.20.0-alpha.2","v0.20.0-alpha.1","v0.19.0","v0.18.0","v0.18.0-alpha-1","v0.17.3-alpha1","v0.17.2","v0.17.1","v0.17.1-alpha1","v0.17.0","v0.17.0-alpha1","v0.16.1","v0.16.0","v0.15.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3800.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}