CVE-2019-11268

MEDIUM

Cloud Foundry UAA < 73.3.0 - Authenticated Information Disclosure via Improper Escaping

Title source: llm

Description

Cloud Foundry UAA versions prior to 73.3.0 contain endpoints with improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those read privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2019-11268

Scores

CVSS v3 4.3
EPSS 0.0101
EPSS Percentile 58.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE CWE-200, CWE-116
Status published
Products (1)
pivotal_software/cloud_foundry_uaa-release < 73.3.0
Published Jul 11, 2019
Tracked Since Feb 18, 2026