CVE-2019-11294

Published: Dec 19, 2019Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.

Affected (2)

Products: Cloudfoundry: Capi Release, Cf Deployment

Cloudfoundry

2 products

Capi Release

Cf Deployment

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cloudfoundry Capi Release	Version 1.88.0
Cloudfoundry Cf Deployment	Before 12.7.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://www.cloudfoundry.org/blog/cve-2019-11294

Source: security@pivotal.io

Vendor Advisory

https://www.cloudfoundry.org/blog/cve-2019-11294

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.