CVE-2019-11294 MEDIUM

CVE-2019-11294: CAPI leaks service broker URLs and GUIDs to space developers

Vendor Cloud Foundry

Product CAPI

Weakness CWE-200 · Info exposure

Published December 19, 2019

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.

Key dates

02Disclosure timeline

December 19, 2019 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-11294

Related vulnerabilities

CVE-2019-11294: CAPI leaks service broker URLs and GUIDs to space developers

01Description

02Disclosure timeline

03References

04Related CVE