Search
Find a vulnerability
Search criteria
4 vulnerabilities found for pivotal_container_service by pivotal_software
CVE-2019-11273 (GCVE-0-2019-11273)
Vulnerability from nvd – Published: 2019-07-23 22:34 – Updated: 2024-09-16 18:04
VLAI
EPSS
VEX
Title
PKS Telemetry logs credentials
Summary
Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information.
Severity
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pivotal.io/security/CVE-2019-11273 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pivotal | Pivotal Container Service (PKS) |
Affected:
1.3.x prior to 1.3.7
Affected: 1.4.x prior to 1.4.1 |
Date Public
2019-07-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/CVE-2019-11273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Container Service (PKS)",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "1.3.x prior to 1.3.7"
},
{
"status": "affected",
"version": "1.4.x prior to 1.4.1"
}
]
}
],
"datePublic": "2019-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T22:34:08.000Z",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/CVE-2019-11273"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PKS Telemetry logs credentials",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-07-23T16:37:35.385Z",
"ID": "CVE-2019-11273",
"STATE": "PUBLIC",
"TITLE": "PKS Telemetry logs credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Container Service (PKS)",
"version": {
"version_data": [
{
"version_value": "1.3.x prior to 1.3.7"
},
{
"version_value": "1.4.x prior to 1.4.1"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/CVE-2019-11273",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/CVE-2019-11273"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11273",
"datePublished": "2019-07-23T22:34:08.022Z",
"dateReserved": "2019-04-18T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:04:10.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15763 (GCVE-0-2018-15763)
Vulnerability from nvd – Published: 2018-10-05 21:00 – Updated: 2024-09-16 18:48
VLAI
EPSS
VEX
Title
PKS leaks IaaS Credentials to Application Logs
Summary
Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.
Severity
9 (Critical)
CWE
- Information Exposure Through Application Logs
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pivotal.io/security/cve-2018-15763 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pivotal | Pivotal Container Service |
Affected:
all versions , < 1.2.0
(custom)
|
Date Public
2018-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2018-15763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Container Service",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure Through Application Logs",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-05T20:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2018-15763"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PKS leaks IaaS Credentials to Application Logs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-10-02T07:00:00.000Z",
"ID": "CVE-2018-15763",
"STATE": "PUBLIC",
"TITLE": "PKS leaks IaaS Credentials to Application Logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Container Service",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "all versions",
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Through Application Logs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-15763",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-15763"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-15763",
"datePublished": "2018-10-05T21:00:00.000Z",
"dateReserved": "2018-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:48:32.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11273 (GCVE-0-2019-11273)
Vulnerability from cvelistv5 – Published: 2019-07-23 22:34 – Updated: 2024-09-16 18:04
VLAI
EPSS
VEX
Title
PKS Telemetry logs credentials
Summary
Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information.
Severity
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pivotal.io/security/CVE-2019-11273 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pivotal | Pivotal Container Service (PKS) |
Affected:
1.3.x prior to 1.3.7
Affected: 1.4.x prior to 1.4.1 |
Date Public
2019-07-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/CVE-2019-11273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Container Service (PKS)",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "1.3.x prior to 1.3.7"
},
{
"status": "affected",
"version": "1.4.x prior to 1.4.1"
}
]
}
],
"datePublic": "2019-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T22:34:08.000Z",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/CVE-2019-11273"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PKS Telemetry logs credentials",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-07-23T16:37:35.385Z",
"ID": "CVE-2019-11273",
"STATE": "PUBLIC",
"TITLE": "PKS Telemetry logs credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Container Service (PKS)",
"version": {
"version_data": [
{
"version_value": "1.3.x prior to 1.3.7"
},
{
"version_value": "1.4.x prior to 1.4.1"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/CVE-2019-11273",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/CVE-2019-11273"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11273",
"datePublished": "2019-07-23T22:34:08.022Z",
"dateReserved": "2019-04-18T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:04:10.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15763 (GCVE-0-2018-15763)
Vulnerability from cvelistv5 – Published: 2018-10-05 21:00 – Updated: 2024-09-16 18:48
VLAI
EPSS
VEX
Title
PKS leaks IaaS Credentials to Application Logs
Summary
Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.
Severity
9 (Critical)
CWE
- Information Exposure Through Application Logs
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pivotal.io/security/cve-2018-15763 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pivotal | Pivotal Container Service |
Affected:
all versions , < 1.2.0
(custom)
|
Date Public
2018-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2018-15763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Container Service",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure Through Application Logs",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-05T20:57:01.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2018-15763"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PKS leaks IaaS Credentials to Application Logs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-10-02T07:00:00.000Z",
"ID": "CVE-2018-15763",
"STATE": "PUBLIC",
"TITLE": "PKS leaks IaaS Credentials to Application Logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Container Service",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "all versions",
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Through Application Logs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-15763",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-15763"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-15763",
"datePublished": "2018-10-05T21:00:00.000Z",
"dateReserved": "2018-08-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:48:32.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}