CVE-2019-11271 MEDIUM

CVE-2019-11271: BOSH Deployment logs leak sensitive information

Vendor: Cloud Foundry
Product: BOSH
Weakness: CWE-532 · Sensitive info in logs
Published: June 18, 2019
Last update: September 17, 2024

CVSS base score

6.0/10
Attack vector: Local
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

Cloud Foundry BOSH 270.x versions prior to v270.1.1 contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.

Key dates

02 Disclosure timeline

June 18, 2019: CVE published
September 17, 2024: Record updated