CVE-2019-11268

Published: Jul 11, 2019Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.

Affected (1)

Products: Pivotal Software: Cloud Foundry Uaa Release

Pivotal Software

1 product

Cloud Foundry Uaa Release

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pivotal Software Cloud Foundry Uaa Release	Before 73.3.0

Related CWEs

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://www.cloudfoundry.org/blog/cve-2019-11268

Source: security@pivotal.io

Vendor Advisory

https://www.cloudfoundry.org/blog/cve-2019-11268

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.