CVE-2019-11268 — MEDIUM (4.3)

Q: How severe is CVE-2019-11268?

CVE-2019-11268 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-11268?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Cloud Foundry Uaa-Release.

Vulnerability Description

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Pivotal Software	Cloud Foundry Uaa-Release	< 73.3.0

Related Weaknesses (CWE)

CWE-116 CWE-200

References

https://www.cloudfoundry.org/blog/cve-2019-11268Vendor Advisory
https://www.cloudfoundry.org/blog/cve-2019-11268Vendor Advisory

FAQ

What is CVE-2019-11268?

CVE-2019-11268 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading ...

How severe is CVE-2019-11268?

CVE-2019-11268 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-11268?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Cloud Foundry Uaa-Release.