From 3638a9c26ffb959182c0851aa4f94e3add7af536 Mon Sep 17 00:00:00 2001
From: Steven Locke <slocke@pivotal.io>
Date: Mon, 25 Nov 2019 15:51:18 -0800
Subject: [PATCH] Added CVE-2019-11290

Signed-off-by: Margo Crawford <mcrawford@pivotal.io>
---
 2019/11xxx/CVE-2019-11290.json | 73 ++++++++++++++++++++++++++++++++--
 1 file changed, 70 insertions(+), 3 deletions(-)

diff --git a/2019/11xxx/CVE-2019-11290.json b/2019/11xxx/CVE-2019-11290.json
index 24021cec9f6..fe916e16dee 100644
--- a/2019/11xxx/CVE-2019-11290.json
+++ b/2019/11xxx/CVE-2019-11290.json
@@ -3,16 +3,83 @@
     "data_format": "MITRE",
     "data_version": "4.0",
     "CVE_data_meta": {
+        "ASSIGNER": "security@pivotal.io",
+        "DATE_PUBLIC": "2019-11-21T00:00:00.000Z",
         "ID": "CVE-2019-11290",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cloud Foundry UAA logs query parameters in tomcat access file"
+    },
+    "source": {
+        "discovery": "UNKNOWN"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "UAA Release",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "affected": "<",
+                                            "version_name": "All",
+                                            "version_value": "v74.8.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cloud Foundry"
+                }
+            ]
+        }
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well."
             }
         ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-532: Inclusion of Sensitive Information in Log Files"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://www.cloudfoundry.org/blog/cve-2019-11290",
+                "name": "https://www.cloudfoundry.org/blog/cve-2019-11290"
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "HIGH",
+            "baseScore": 8.8,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "version": "3.0"
+        }
     }
 }
\ No newline at end of file