CVE-2019-11290
HIGHCloudfoundry Cf-deployment < 12.10.0 - Log Information Exposure
Title source: ruleDescription
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2019-11290
Scores
CVSS v3
7.5
EPSS
0.0044
EPSS Percentile
63.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (2)
cloudfoundry/cf-deployment
< 12.10.0
cloudfoundry/user_account_and_authentication
< 74.8.0
Published
Nov 26, 2019
Tracked Since
Feb 18, 2026