Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/blog/cve-2019-11271 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: pivotal
Published: 2019-06-17T00:00:00
Updated: 2019-06-21T18:13:16
Reserved: 2019-04-18T00:00:00
Link: CVE-2019-11271
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-06-19T00:15:12.593
Modified: 2020-10-16T12:57:05.277
Link: CVE-2019-11271
JSON object: View
Redhat Information
No data.