admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2019/11xxx/CVE-2019-11290.json
Steven Locke 3638a9c26f Added CVE-2019-11290 
Signed-off-by: Margo Crawford <mcrawford@pivotal.io>
2019-11-25 15:51:18 -08:00

85 lines
2.7 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-11-21T00:00:00.000Z",
"ID": "CVE-2019-11290",
"STATE": "PUBLIC",
"TITLE": "Cloud Foundry UAA logs query parameters in tomcat access file"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UAA Release",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "All",
"version_value": "v74.8.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcats access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Inclusion of Sensitive Information in Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-11290",
"name": "https://www.cloudfoundry.org/blog/cve-2019-11290"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
Reference in New Issue View Git Blame Copy Permalink