admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2019-11292

Browse Source 
Signed-off-by: Steven Locke <slocke@pivotal.io>
This commit is contained in:
Gary Liu 2020-01-08 15:52:29 -08:00 committed by Steven Locke
parent ab209213c7
commit 8f41cb1a7c
1 changed files with 85 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
2019/11xxx/CVE-2019-11292.json
View File

@ -3,16 +3,98 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-01-08T22:57:26.000Z",
"ID": "CVE-2019-11292",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Pivotal Ops Manager logs query parameters in tomcat access file"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Ops Manager",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "2.7",
"version_value": "2.7.5"
},
{
"affected": "<",
"version_name": "2.6",
"version_value": "2.6.16"
},
{
"affected": "<",
"version_name": "2.5",
"version_value": "2.5.24"
},
{
"affected": "<",
"version_name": "2.4",
"version_value": "2.4.27"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcats access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Inclusion of Sensitive Information in Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11292",
"name": "https://pivotal.io/security/cve-2019-11292"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}