CVE-2019-11283
Summary
| CVE | CVE-2019-11283 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-23 16:15:00 UTC |
| Updated | 2021-08-17 14:29:00 UTC |
| Description | Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume. |
Risk And Classification
Problem Types: CWE-532
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cloudfoundry | Cf-deployment | All | All | All | All |
| Application | Pivotal Software | Cloud Foundry Cf-deployment | All | All | All | All |
| Application | Pivotal Software | Cloud Foundry Cf-deployment | All | All | All | All |
| Application | Pivotal Software | Cloud Foundry Smb Volume | All | All | All | All |
| Application | Pivotal Software | Cloud Foundry Smb Volume | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2019-11283: Password leak in smbdriver logs | Cloud Foundry | CONFIRM | www.cloudfoundry.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.