HIGH🇬🇧 English

CVE-2019-11271

CVSS 7.8v3.1pub. 2019-06-19upd. 2024-11-21

Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Cloud Foundry Bosh

    APP
    Cloud Foundry
    270.0.0 – 270.1.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-11083HIGH8.1ten sam produkt

Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and...

CVE-2017-4961HIGH8.8ten sam produkt

An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x v...

CVE-2026-41009MEDIUM4.3ten sam produkt

When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by A...

CVE-2026-41704MEDIUM6.8ten sam produkt

AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) o...

CVE-2018-15800HIGH8.1ten sam vendor

Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remo...

CVE-2019-11271 — HIGH 7.8 | CVEbaza.pl