CVE-2019-11268
Last modified
CVE-2019-11268 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.. EPSS estimates a 1.01% chance of exploitation in the next 30 days.
Description
Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pivotal Software | Cloud Foundry Uaa-Release | < 73.3.0 |
References
- https://www.cloudfoundry.org/blog/cve-2019-11268Vendor Advisory
- https://www.cloudfoundry.org/blog/cve-2019-11268Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-11268?
How severe is CVE-2019-11268?
How do I fix CVE-2019-11268?
Are you affected by CVE-2019-11268?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST