CVE-2019-11293
moderate-risk
Published 2019-12-06
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.
Do I need to act?
-
0.54% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
NETWORK
/ LOW complexity
Affected Products (2)
User Account And Authentication
Affected Vendors
References (2)
Vendor Advisory
https://www.cloudfoundry.org/blog/cve-2019-11293
Vendor Advisory
https://www.cloudfoundry.org/blog/cve-2019-11293
33
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
2/34 · Minimal
Exposure
7/34 · Low