Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for cloud_foundry_smb_volume by pivotal_software
CVE-2019-11283 (GCVE-0-2019-11283)
Vulnerability from nvd – Published: 2019-10-23 15:32 – Updated: 2024-09-17 02:01
VLAI?
Title
Password leak in smbdriver logs
Summary
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.
Severity ?
8.8 (High)
CWE
- CWE-532 - Inclusion of Sensitive Information in Log Files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cloud Foundry | SMB Volume |
Affected:
All , < v2.0.3
(custom)
|
|||||||
|
|||||||||
Date Public ?
2019-10-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11283"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SMB Volume",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v2.0.3",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "CF Deployment",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v12.2.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-10-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Inclusion of Sensitive Information in Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T15:32:22.000Z",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11283"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Password leak in smbdriver logs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-10-22T23:03:26.802Z",
"ID": "CVE-2019-11283",
"STATE": "PUBLIC",
"TITLE": "Password leak in smbdriver logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SMB Volume",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v2.0.3"
}
]
}
},
{
"product_name": "CF Deployment",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v12.2.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Inclusion of Sensitive Information in Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-11283",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-11283"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11283",
"datePublished": "2019-10-23T15:32:22.206Z",
"dateReserved": "2019-04-18T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:01:09.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11283 (GCVE-0-2019-11283)
Vulnerability from cvelistv5 – Published: 2019-10-23 15:32 – Updated: 2024-09-17 02:01
VLAI?
Title
Password leak in smbdriver logs
Summary
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.
Severity ?
8.8 (High)
CWE
- CWE-532 - Inclusion of Sensitive Information in Log Files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cloud Foundry | SMB Volume |
Affected:
All , < v2.0.3
(custom)
|
|||||||
|
|||||||||
Date Public ?
2019-10-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11283"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SMB Volume",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v2.0.3",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "CF Deployment",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v12.2.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-10-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Inclusion of Sensitive Information in Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T15:32:22.000Z",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11283"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Password leak in smbdriver logs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-10-22T23:03:26.802Z",
"ID": "CVE-2019-11283",
"STATE": "PUBLIC",
"TITLE": "Password leak in smbdriver logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SMB Volume",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v2.0.3"
}
]
}
},
{
"product_name": "CF Deployment",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v12.2.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Inclusion of Sensitive Information in Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-11283",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-11283"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11283",
"datePublished": "2019-10-23T15:32:22.206Z",
"dateReserved": "2019-04-18T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:01:09.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}