CVE-2019-11271

Name of the Vulnerable Software and Affected Versions Cloud Foundry BOSH versions prior to 270.1.1

Description The issue concerns a problem with the BOSH Director in Cloud Foundry BOSH, where it fails to properly redact credentials when configured to use a MySQL database. This could allow a local authenticated malicious user to read any credentials contained in a BOSH manifest.

Recommendations For versions prior to 270.1.1, update to version 270.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the BOSH Director and MySQL database to minimize the risk of exploitation.