CVE-2019-11283

August 17, 2021

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.

Summary:

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.

Reference Links(if available):

  • https://www.cloudfoundry.org/blog/cve-2019-11283

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    HIBP Banner 1

    Piping Rock – 2,103,100 breached accounts

    April 27, 2024
    CISA Logo

    CISA: CISA Releases Three Industrial Control Systems Advisories

    April 27, 2024
    CISA Logo

    CISA: CISA and Partners Release Advisory on Akira Ransomware

    April 27, 2024
    CISA Logo

    CISA: CISA Releases Four Industrial Control Systems Advisories

    April 27, 2024
    CISA Logo

    CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

    April 27, 2024