Added CVE-2019-11290

Signed-off-by: Margo Crawford <mcrawford@pivotal.io>
2025-06-21 05:40:25 +00:00 · 2019-11-25 15:51:18 -08:00 · 2019-11-25 15:51:18 -08:00 · 3638a9c26f
commit 3638a9c26f
parent 65ddc318c6
1 changed files with 70 additions and 3 deletions
--- a/2019/11xxx/CVE-2019-11290.json
+++ b/2019/11xxx/CVE-2019-11290.json
@ -3,16 +3,83 @@
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security@pivotal.io",
+        "DATE_PUBLIC": "2019-11-21T00:00:00.000Z",
        "ID": "CVE-2019-11290",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cloud Foundry UAA logs query parameters in tomcat access file"
+    },
+    "source": {
+        "discovery": "UNKNOWN"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "UAA Release",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "affected": "<",
+                                            "version_name": "All",
+                                            "version_value": "v74.8.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cloud Foundry"
+                }
+            ]
+        }
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well."
            }
        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-532: Inclusion of Sensitive Information in Log Files"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://www.cloudfoundry.org/blog/cve-2019-11290",
+                "name": "https://www.cloudfoundry.org/blog/cve-2019-11290"
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "HIGH",
+            "baseScore": 8.8,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "version": "3.0"
+        }
    }
 }