Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/blog/cve-2019-11293 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: pivotal
Published: 2019-12-03T00:00:00
Updated: 2019-12-06T20:00:17
Reserved: 2019-04-18T00:00:00
Link: CVE-2019-11293
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-12-06T20:15:09.577
Modified: 2019-12-12T17:22:20.473
Link: CVE-2019-11293
JSON object: View
Redhat Information
No data.
CWE