admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#3018

Browse Source 
Auto-merge PR#3018
This commit is contained in:
CVE Team 2020-01-08 18:55:17 -05:00 committed by GitHub
commit 88933b3f73
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 85 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
2019/11xxx/CVE-2019-11292.json
View File

@ -3,16 +3,98 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-01-08T22:57:26.000Z",
"ID": "CVE-2019-11292",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Pivotal Ops Manager logs query parameters in tomcat access file"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Ops Manager",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "2.7",
"version_value": "2.7.5"
},
{
"affected": "<",
"version_name": "2.6",
"version_value": "2.6.16"
},
{
"affected": "<",
"version_name": "2.5",
"version_value": "2.5.24"
},
{
"affected": "<",
"version_name": "2.4",
"version_value": "2.4.27"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcats access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Inclusion of Sensitive Information in Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11292",
"name": "https://pivotal.io/security/cve-2019-11292"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}