CVE-2019-11268: Sensitive Information Exposure in Software Cloud Foundry Uaa-release

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.4% (top 42.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 11; latest update May 24

Description

Cloud Foundry UAA versions prior to 73.3.0 contain endpoints with improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those read privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 2 packages

Vulnerability Details (2)

GHSA: GHSA-j3cm-76qq-2qmp: Cloud Foundry UAA version prior to 73 (2022-05-24)
CVEList: UAA SQL Identity Zone Vulnerability (2019-07-11)
CVE-2019-11268 — Sensitive Information Exposure | cvebase