PT-2019-12223 · Pivotal · Pivotal Application Service

Published 2019-08-19 · Updated 2020-10-16 · CVE-2019-11276

CVSS v3.1 5.4 Medium

Vector AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Pivotal Application Service versions 2.3.x through 2.3.15
Pivotal Application Service versions 2.4.x through 2.4.11
Pivotal Application Service versions 2.5.x through 2.5.7
Pivotal Application Service versions 2.6.x through 2.6.2
Description

An unauthenticated attacker on an adjacent network (CVSS AV:A) can eavesdrop on network traffic and capture a token that is transmitted unencrypted. With that token the attacker can read the type of access a user has over an app and may also change the logging level, potentially causing log information to be lost.
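The finding above is a cleartext-transmission weakness: the token is available to anyone who can sniff the segment it crosses. The advisory does not name the endpoint or the token format, so the Python below is an added example, not code from the advisory or from Pivotal, of the check a practitioner would run against a capture after deploying a fix or a network-level mitigation: reassembled request payloads are scanned and any credential carried over a non-TLS connection is reported with the secret masked. The flow records, host names, paths and token values are constructed for the example.

```python
"""Added example: find credentials sent over non-TLS connections in a capture.

Not code from the advisory or from Pivotal. The flow records below are
constructed (hosts, paths and token values are made up); a real run would
feed reassembled TCP payloads from a capture tool instead.
"""
from urllib.parse import urlsplit, parse_qs

# Query-string parameter names that commonly carry bearer credentials.
TOKEN_PARAMS = {"access_token", "token", "api_key", "apikey"}

# Constructed sample flows. "tls" is True when the payload was encrypted on
# the wire, in which case an adjacent sniffer sees only ciphertext.
SAMPLE_FLOWS = [
    {"src": "10.0.1.15", "dst": "10.0.1.40", "dst_port": 80, "tls": False,
     "payload": ("GET /api/v1/apps/0b8c/permissions HTTP/1.1\r\n"
                 "Host: apps.example.internal\r\n"
                 "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.constructed\r\n"
                 "\r\n")},
    {"src": "10.0.1.15", "dst": "10.0.1.40", "dst_port": 443, "tls": True,
     "payload": "<encrypted>"},
    {"src": "10.0.1.22", "dst": "10.0.1.40", "dst_port": 8080, "tls": False,
     "payload": ("PUT /api/v1/apps/0b8c/log-level?access_token=constructed-token-2 HTTP/1.1\r\n"
                 "Host: apps.example.internal\r\n"
                 "Content-Type: application/json\r\n"
                 "\r\n"
                 '{"level": "OFF"}')},
    {"src": "10.0.1.9", "dst": "10.0.1.40", "dst_port": 80, "tls": False,
     "payload": "GET /healthz HTTP/1.1\r\nHost: apps.example.internal\r\n\r\n"},
]


def parse_http_request(payload):
    """Split a plaintext HTTP/1.x request into (method, target, headers);
    return None if the payload does not start with a request line."""
    head, _, _body = payload.partition("\r\n\r\n")
    lines = head.split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) != 3 or not request_line[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return request_line[0], request_line[1], headers


def mask(secret):
    """Keep only a short prefix so findings can be correlated without
    copying the credential into a report."""
    return secret[:6] + "..." if len(secret) > 6 else "***"


def find_cleartext_credentials(flows):
    """Return (location, carrier, masked_secret) for every credential that
    crossed the wire unencrypted."""
    findings = []
    for flow in flows:
        if flow["tls"]:
            continue  # ciphertext on the wire; nothing for a sniffer to read
        req = parse_http_request(flow["payload"])
        if req is None:
            continue
        method, target, headers = req
        url = urlsplit(target)
        where = f"{flow['src']}->{flow['dst']}:{flow['dst_port']} {method} {url.path}"
        auth = headers.get("authorization")
        if auth:
            scheme, _, credential = auth.partition(" ")
            findings.append((where, f"Authorization: {scheme}", mask(credential or scheme)))
        if "cookie" in headers:
            findings.append((where, "Cookie", mask(headers["cookie"])))
        for name, values in parse_qs(url.query).items():
            if name.lower() in TOKEN_PARAMS:
                for value in values:
                    findings.append((where, f"query parameter {name}", mask(value)))
    return findings


if __name__ == "__main__":
    for where, carrier, secret in find_cleartext_credentials(SAMPLE_FLOWS):
        print(f"CLEARTEXT {carrier} at {where}: {secret}")
```

On the sample the two plaintext requests that carry a credential are reported (a bearer header on port 80 and a token in a query string on port 8080) while the TLS flow and the unauthenticated health check are ignored. A token in a URL is worth flagging separately because, unlike a header, it also tends to land in access logs and browser history even when the transport is later encrypted.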
Recommendations

For Pivotal Application Service versions 2.3.x through 2.3.15, update to version 2.3.16 or later.
For Pivotal Application Service versions 2.4.x through 2.4.11, update to version 2.4.12 or later.
For Pivotal Application Service versions 2.5.x through 2.5.7, update to version 2.5.8 or later.
For Pivotal Application Service versions 2.6.x through 2.6.2, update to version 2.6.3 or later.

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2019-11276

Affected Products

Pivotal Application Service