PT-2019-12219 · Oracle+1 · Mysql Server+1

Published

2019-06-18

Updated

2020-10-16

CVE-2019-11271

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cloud Foundry BOSH versions prior to 270.1.1

Description The issue concerns a problem with the BOSH Director in Cloud Foundry BOSH, where it fails to properly redact credentials when configured to use a MySQL database. This could allow a local authenticated malicious user to read any credentials contained in a BOSH manifest.

Recommendations For versions prior to 270.1.1, update to version 270.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the BOSH Director and MySQL database to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-532

Related Identifiers

CVE-2019-11271

Affected Products

Cloud Foundry Bosh

Mysql Server

PT-2019-12219 · Oracle+1 · Mysql Server+1

CVE-2019-11271

Weakness Enumeration

Related Identifiers

Affected Products

References · 3