CVE-2019-11271
HIGHCloud Foundry Bosh < 270.1.1 - Insufficiently Protected Credentials
Title source: ruleDescription
Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2019-11271
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
13.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
CWE-532
Status
published
Products (1)
cloud_foundry/bosh
270.0.0 - 270.1.1
Published
Jun 19, 2019
Tracked Since
Feb 18, 2026