admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-112xx/CVE-2019-11290.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

143 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-11290",
"sourceIdentifier": "security@pivotal.io",
"published": "2019-11-26T00:15:11.547",
"lastModified": "2020-10-09T13:19:16.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat\u00e2\u20ac\u2122s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well."
},
{
"lang": "es",
"value": "Cloud Foundry UAA Release, versiones anteriores a la versi\u00f3n v74.8.0, registra todos los par\u00e1metros de consulta en el archivo de acceso de tomcat. Si los par\u00e1metros de consulta se utilizan para proporcionar autenticaci\u00f3n, es decir. credenciales, luego se registrar\u00e1n tambi\u00e9n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@pivotal.io",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "security@pivotal.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.10.0",
"matchCriteriaId": "F9E36917-B37C-42B0-8DC9-AFA832139BF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:*:*:*:*:*:*:*:*",
"versionEndExcluding": "74.8.0",
"matchCriteriaId": "D2C8C7A2-CFA3-4D1C-9B65-A0EF9FFFA8D6"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cloudfoundry.org/blog/cve-2019-11290",
"source": "security@pivotal.io",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink