Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contains configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired and access Ops Manager resources.
                
References

| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/108512 | Third Party Advisory VDB Entry |
| https://pivotal.io/security/cve-2019-3790 | Vendor Advisory |
Information
Published : 2019-06-06 19:29
Updated : 2024-11-21 04:42
NVD link : CVE-2019-3790
Mitre link : CVE-2019-3790
CVE.ORG link : CVE-2019-3790
Products Affected
pivotal_software
- operations_manager
