CVE-2019-11283

HIGH

Cloudfoundry Cf-deployment < 12.2.0 - Log Information Exposure

Description

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.

Scores

CVSS v3 8.8
EPSS 0.0047
EPSS Percentile 64.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-532
Status published

Affected Products (2)

cloudfoundry/cf-deployment < 12.2.0
pivotal_software/cloud_foundry_smb_volume < 2.0.3

Timeline

Published Oct 23, 2019
Tracked Since Feb 18, 2026