add CVE-2019-11268

Signed-off-by: William Brandon <wbrandon@pivotal.io>
2025-06-12 02:05:39 +00:00 · 2019-06-28 10:39:49 -07:00 · 2019-06-28 10:39:49 -07:00 · e24bc6e541
commit e24bc6e541
parent 8bce4dc9c8
1 changed files with 77 additions and 4 deletions
--- a/2019/11xxx/CVE-2019-11268.json
+++ b/2019/11xxx/CVE-2019-11268.json
@ -3,16 +3,89 @@
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security@pivotal.io",
+        "DATE_PUBLIC": "2019-06-27T23:26:15.000Z",
        "ID": "CVE-2019-11268",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "UAA SQL Identity Zone Vulnerability"
+    },
+    "source": {
+        "discovery": "UNKNOWN"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "UAA Release (OSS)",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "affected": "<",
+                                            "version_name": "All",
+                                            "version_value": "v73.3.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cloud Foundry"
+                },
+                {
+                    "product": {
+                        "product_data": []
+                    },
+                    "vendor_name": "Pivotal"
+                }
+            ]
+        }
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can  extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones."
            }
        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-200: Information Exposure"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://www.cloudfoundry.org/blog/cve-2019-11268",
+                "name": "https://www.cloudfoundry.org/blog/cve-2019-11268"
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 6.5,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "version": "3.0"
+        }
    }
-}
+}