Search criteria
144 vulnerabilities by pivotal_software
CVE-2022-31683 (GCVE-0-2022-31683)
Vulnerability from cvelistv5 – Published: 2022-12-19 00:00 – Updated: 2025-04-16 13:57
VLAI?
Summary
Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.
Severity ?
5.4 (Medium)
CWE
- Authorization Bypass vulnerability
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/concourse/concourse/security/advisories/GHSA-5jp2-vwrj-99rf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31683",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T13:55:04.393045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T13:57:09.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Concourse",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization Bypass vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://github.com/concourse/concourse/security/advisories/GHSA-5jp2-vwrj-99rf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31683",
"datePublished": "2022-12-19T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-04-16T13:57:09.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22112 (GCVE-0-2021-22112)
Vulnerability from cvelistv5 – Published: 2021-02-23 18:48 – Updated: 2024-08-03 18:30
VLAI?
Summary
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation by changing security context
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Affected:
5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:24.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20210219 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/19/7"
},
{
"name": "[nifi-issues] 20210510 [GitHub] [nifi] exceptionfactory opened a new pull request #5066: NIFI-8502 Upgrade Spring Framework to 5.3.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b%40%3Cissues.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2021-22112"
},
{
"name": "[portals-pluto-dev] 20210623 [jira] [Closed] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.0 due to CVE-2021-22112",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210623 [jira] [Updated] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.0 due to CVE-2021-22112",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-scm] 20210623 [portals-pluto] branch master updated: PLUTO-786 Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.0 due to CVE-2021-22112",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Updated] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Reopened] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Reopened] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.0 due to CVE-2021-22112",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Comment Edited] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-786 Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application\u0027s intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation by changing security context",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:40:55",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "[oss-security] 20210219 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/19/7"
},
{
"name": "[nifi-issues] 20210510 [GitHub] [nifi] exceptionfactory opened a new pull request #5066: NIFI-8502 Upgrade Spring Framework to 5.3.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b%40%3Cissues.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tanzu.vmware.com/security/cve-2021-22112"
},
{
"name": "[portals-pluto-dev] 20210623 [jira] [Closed] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.0 due to CVE-2021-22112",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210623 [jira] [Updated] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.0 due to CVE-2021-22112",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-scm] 20210623 [portals-pluto] branch master updated: PLUTO-786 Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.0 due to CVE-2021-22112",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Updated] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Reopened] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Reopened] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.0 due to CVE-2021-22112",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Comment Edited] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f%40%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-786 Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc%40%3Cpluto-scm.portals.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Security",
"version": {
"version_data": [
{
"version_value": "5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application\u0027s intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation by changing security context"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20210219 Vulnerability in Jenkins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/02/19/7"
},
{
"name": "[nifi-issues] 20210510 [GitHub] [nifi] exceptionfactory opened a new pull request #5066: NIFI-8502 Upgrade Spring Framework to 5.3.6",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://tanzu.vmware.com/security/cve-2021-22112",
"refsource": "MISC",
"url": "https://tanzu.vmware.com/security/cve-2021-22112"
},
{
"name": "[portals-pluto-dev] 20210623 [jira] [Closed] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.0 due to CVE-2021-22112",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210623 [jira] [Updated] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.0 due to CVE-2021-22112",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-scm] 20210623 [portals-pluto] branch master updated: PLUTO-786 Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.0 due to CVE-2021-22112",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Updated] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Reopened] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Reopened] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.0 due to CVE-2021-22112",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-dev] 20210714 [jira] [Comment Edited] (PLUTO-786) Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E"
},
{
"name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-786 Upgrade to version Spring Framework 5.3.7 and Spring Security 5.5.1 due to CVE-2021-22112 and CVE-2021-22119",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22112",
"datePublished": "2021-02-23T18:48:02",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:24.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5419 (GCVE-0-2020-5419)
Vulnerability from cvelistv5 – Published: 2020-08-31 15:05 – Updated: 2024-09-16 23:31
VLAI?
Summary
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.
Severity ?
6.7 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware Tanzu | RabbitMQ |
Affected:
3.7 , < 3.7.28
(custom)
Affected: 3.8 , < 3.8.7 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RabbitMQ",
"vendor": "VMware Tanzu",
"versions": [
{
"lessThan": "3.7.28",
"status": "affected",
"version": "3.7",
"versionType": "custom"
},
{
"lessThan": "3.8.7",
"status": "affected",
"version": "3.8",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-31T15:05:19",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5419"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "RabbitMQ arbitrary code execution using local binary planting",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-08-27T00:00:00.000Z",
"ID": "CVE-2020-5419",
"STATE": "PUBLIC",
"TITLE": "RabbitMQ arbitrary code execution using local binary planting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RabbitMQ",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.7",
"version_value": "3.7.28"
},
{
"version_affected": "\u003c",
"version_name": "3.8",
"version_value": "3.8.7"
}
]
}
}
]
},
"vendor_name": "VMware Tanzu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2020-5419",
"refsource": "CONFIRM",
"url": "https://tanzu.vmware.com/security/cve-2020-5419"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5419",
"datePublished": "2020-08-31T15:05:20.057877Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:31:18.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5415 (GCVE-0-2020-5415)
Vulnerability from cvelistv5 – Published: 2020-08-12 16:40 – Updated: 2024-09-16 17:53
VLAI?
Summary
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.
Severity ?
10 (Critical)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware Tanzu | Concourse |
Affected:
6.4 , < 6.4.1
(custom)
Affected: 6.3 , < 6.3.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5415"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Concourse",
"vendor": "VMware Tanzu",
"versions": [
{
"lessThan": "6.4.1",
"status": "affected",
"version": "6.4",
"versionType": "custom"
},
{
"lessThan": "6.3.1",
"status": "affected",
"version": "6.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-12T16:40:14",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5415"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Concourse\u0027s GitLab auth allows impersonation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-08-12T02:35:17.000Z",
"ID": "CVE-2020-5415",
"STATE": "PUBLIC",
"TITLE": "Concourse\u0027s GitLab auth allows impersonation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Concourse",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.4",
"version_value": "6.4.1"
},
{
"version_affected": "\u003c",
"version_name": "6.3",
"version_value": "6.3.1"
}
]
}
}
]
},
"vendor_name": "VMware Tanzu"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290: Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj",
"refsource": "CONFIRM",
"url": "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj"
},
{
"name": "https://tanzu.vmware.com/security/cve-2020-5415",
"refsource": "CONFIRM",
"url": "https://tanzu.vmware.com/security/cve-2020-5415"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5415",
"datePublished": "2020-08-12T16:40:14.465847Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:53:07.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5411 (GCVE-0-2020-5411)
Vulnerability from cvelistv5 – Published: 2020-06-11 17:00 – Updated: 2024-09-17 01:46
VLAI?
Summary
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means that through the previous exploit, arbitrary code could be executed if all of the following is true: * Spring Batch's Jackson support is being leveraged to serialize a job's ExecutionContext. * A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored). In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown "deserialization gadgets" when enabling default typing.
Severity ?
No CVSS data available.
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring by VMware | Spring Batch |
Affected:
4 , < 4.2.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5411"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Batch",
"vendor": "Spring by VMware",
"versions": [
{
"lessThan": "4.2.3",
"status": "affected",
"version": "4",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known \"deserialization gadgets\". Spring Batch configures Jackson with global default typing enabled which means that through the previous exploit, arbitrary code could be executed if all of the following is true: * Spring Batch\u0027s Jackson support is being leveraged to serialize a job\u0027s ExecutionContext. * A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored). In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown \"deserialization gadgets\" when enabling default typing."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-11T17:00:16",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5411"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Jackson Configuration Allows Code Execution with Unknown \"Serialization Gadgets\"",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-06-11T00:00:00.000Z",
"ID": "CVE-2020-5411",
"STATE": "PUBLIC",
"TITLE": "Jackson Configuration Allows Code Execution with Unknown \"Serialization Gadgets\""
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Batch",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4",
"version_value": "4.2.3"
}
]
}
}
]
},
"vendor_name": "Spring by VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known \"deserialization gadgets\". Spring Batch configures Jackson with global default typing enabled which means that through the previous exploit, arbitrary code could be executed if all of the following is true: * Spring Batch\u0027s Jackson support is being leveraged to serialize a job\u0027s ExecutionContext. * A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored). In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown \"deserialization gadgets\" when enabling default typing."
}
]
},
"impact": null,
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2020-5411",
"refsource": "CONFIRM",
"url": "https://tanzu.vmware.com/security/cve-2020-5411"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5411",
"datePublished": "2020-06-11T17:00:16.564695Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:46:53.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5408 (GCVE-0-2020-5408)
Vulnerability from cvelistv5 – Published: 2020-05-14 17:15 – Updated: 2024-09-17 01:01
VLAI?
Summary
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.
Severity ?
No CVSS data available.
CWE
- CWE-329 - Not Using a Random IV with CBC Mode
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring by VMware | Spring Security |
Affected:
4.2 , < 4.2.16
(custom)
Affected: 5.0 , < 5.0.16 (custom) Affected: 5.1 , < 5.1.10 (custom) Affected: 5.2 , < 5.2.4 (custom) Affected: 5.3 , < 5.3.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5408"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Security",
"vendor": "Spring by VMware",
"versions": [
{
"lessThan": "4.2.16",
"status": "affected",
"version": "4.2",
"versionType": "custom"
},
{
"lessThan": "5.0.16",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.1.10",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"lessThan": "5.2.4",
"status": "affected",
"version": "5.2",
"versionType": "custom"
},
{
"lessThan": "5.3.2",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-329",
"description": "CWE-329: Not Using a Random IV with CBC Mode",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:23",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5408"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Dictionary attack with Spring Security queryable text encryptor",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-05-13T00:00:00.000Z",
"ID": "CVE-2020-5408",
"STATE": "PUBLIC",
"TITLE": "Dictionary attack with Spring Security queryable text encryptor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Security",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.2",
"version_value": "4.2.16"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.16"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.10"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.2",
"version_value": "5.2.4"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.3",
"version_value": "5.3.2"
}
]
}
}
]
},
"vendor_name": "Spring by VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack."
}
]
},
"impact": null,
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-329: Not Using a Random IV with CBC Mode"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://tanzu.vmware.com/security/cve-2020-5408",
"refsource": "CONFIRM",
"url": "https://tanzu.vmware.com/security/cve-2020-5408"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5408",
"datePublished": "2020-05-14T17:15:13.256026Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:01:47.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5409 (GCVE-0-2020-5409)
Vulnerability from cvelistv5 – Published: 2020-05-13 23:15 – Updated: 2024-09-17 02:47
VLAI?
Summary
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.)
Severity ?
7.6 (High)
CWE
- CWE-601 - Open Redirect
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Concourse",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "5.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "5.5.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "5.8.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "6.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user\u0027s access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: Open Redirect",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-13T23:15:17",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5409"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Concourse Open Redirect in the /sky/login endpoint",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-05-13T20:52:58.000Z",
"ID": "CVE-2020-5409",
"STATE": "PUBLIC",
"TITLE": "Concourse Open Redirect in the /sky/login endpoint"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Concourse",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.2.8"
},
{
"version_affected": "\u003c",
"version_value": "5.5.10"
},
{
"version_affected": "\u003c",
"version_value": "5.8.1"
},
{
"version_affected": "\u003c",
"version_value": "6.0.0"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user\u0027s access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2020-5409",
"refsource": "CONFIRM",
"url": "https://tanzu.vmware.com/security/cve-2020-5409"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5409",
"datePublished": "2020-05-13T23:15:17.452592Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:47:32.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5407 (GCVE-0-2020-5407)
Vulnerability from cvelistv5 – Published: 2020-05-13 17:00 – Updated: 2024-09-16 23:56
VLAI?
Summary
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.
Severity ?
No CVSS data available.
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring by VMware | Spring Security |
Affected:
5.2 , < 5.2.4
(custom)
Affected: 5.3 , < 5.3.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[servicemix-issues] 20200514 [jira] [Created] (SM-4384) Create OSGi bundles for spring-security 5.3.2.RELEASE + 5.1.10.RELEASE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r73af928cf64bebf78b7fa4bc56a5253273ec7829f5f5827f64c72fc7%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[geode-dev] 20200521 Re: Proposal to backport GEODE-8167",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd99601fbca514f214f88f9e53fd5be3cfbff05b350c994b4ec2e184c%40%3Cdev.geode.apache.org%3E"
},
{
"name": "[geode-dev] 20200521 Proposal to backport GEODE-8167",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra19a4e7236877fe12bfb52db07b27ad72d9e7a9f5e27bba7e928e18a%40%3Cdev.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5407"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Security",
"vendor": "Spring by VMware",
"versions": [
{
"lessThan": "5.2.4",
"status": "affected",
"version": "5.2",
"versionType": "custom"
},
{
"lessThan": "5.3.2",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:23",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"name": "[servicemix-issues] 20200514 [jira] [Created] (SM-4384) Create OSGi bundles for spring-security 5.3.2.RELEASE + 5.1.10.RELEASE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r73af928cf64bebf78b7fa4bc56a5253273ec7829f5f5827f64c72fc7%40%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[geode-dev] 20200521 Re: Proposal to backport GEODE-8167",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd99601fbca514f214f88f9e53fd5be3cfbff05b350c994b4ec2e184c%40%3Cdev.geode.apache.org%3E"
},
{
"name": "[geode-dev] 20200521 Proposal to backport GEODE-8167",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra19a4e7236877fe12bfb52db07b27ad72d9e7a9f5e27bba7e928e18a%40%3Cdev.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5407"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Signature Wrapping Vulnerability with spring-security-saml2-service-provider",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-05-13T00:00:00.000Z",
"ID": "CVE-2020-5407",
"STATE": "PUBLIC",
"TITLE": "Signature Wrapping Vulnerability with spring-security-saml2-service-provider"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Security",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.2",
"version_value": "5.2.4"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.3",
"version_value": "5.3.2"
}
]
}
}
]
},
"vendor_name": "Spring by VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid."
}
]
},
"impact": null,
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[servicemix-issues] 20200514 [jira] [Created] (SM-4384) Create OSGi bundles for spring-security 5.3.2.RELEASE + 5.1.10.RELEASE",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r73af928cf64bebf78b7fa4bc56a5253273ec7829f5f5827f64c72fc7@%3Cissues.servicemix.apache.org%3E"
},
{
"name": "[geode-dev] 20200521 Re: Proposal to backport GEODE-8167",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd99601fbca514f214f88f9e53fd5be3cfbff05b350c994b4ec2e184c@%3Cdev.geode.apache.org%3E"
},
{
"name": "[geode-dev] 20200521 Proposal to backport GEODE-8167",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra19a4e7236877fe12bfb52db07b27ad72d9e7a9f5e27bba7e928e18a@%3Cdev.geode.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://tanzu.vmware.com/security/cve-2020-5407",
"refsource": "CONFIRM",
"url": "https://tanzu.vmware.com/security/cve-2020-5407"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5407",
"datePublished": "2020-05-13T17:00:15.881645Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:56:17.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5399 (GCVE-0-2020-5399)
Vulnerability from cvelistv5 – Published: 2020-02-12 20:30 – Updated: 2024-09-16 19:51
VLAI?
Summary
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
Severity ?
7.6 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloud Foundry | CredHub |
Affected:
Edge , < 2.5.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2020-5399"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CredHub",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "2.5.10",
"status": "affected",
"version": "Edge",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T20:30:17",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2020-5399"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CredHub does not properly enable TLS for MySQL database connections",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-02-12T00:00:00.000Z",
"ID": "CVE-2020-5399",
"STATE": "PUBLIC",
"TITLE": "CredHub does not properly enable TLS for MySQL database connections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CredHub",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "Edge",
"version_value": "2.5.10"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2020-5399",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2020-5399"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5399",
"datePublished": "2020-02-12T20:30:17.255850Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:51:26.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6430 (GCVE-0-2013-6430)
Vulnerability from cvelistv5 – Published: 2020-01-10 13:28 – Updated: 2024-08-06 17:39
VLAI?
Summary
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Spring MVC |
Affected:
before 3.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gopivotal.com/security/cve-2013-6430"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/spring-projects/spring-framework/commit/7a7df6637478607bef0277bf52a4e0a03e20a248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.springsource.org/browse/SPR-9983"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring MVC",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "before 3.2.2"
}
]
}
],
"datePublic": "2014-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-10T13:30:38",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gopivotal.com/security/cve-2013-6430"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spring-projects/spring-framework/commit/7a7df6637478607bef0277bf52a4e0a03e20a248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.springsource.org/browse/SPR-9983"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6430",
"datePublished": "2020-01-10T13:28:11",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11292 (GCVE-0-2019-11292)
Vulnerability from cvelistv5 – Published: 2020-01-08 23:55 – Updated: 2024-09-16 18:54
VLAI?
Summary
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
Severity ?
8.8 (High)
CWE
- CWE-532 - Inclusion of Sensitive Information in Log Files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Pivotal Ops Manager |
Affected:
2.7 , < 2.7.5
(custom)
Affected: 2.6 , < 2.6.16 (custom) Affected: 2.5 , < 2.5.24 (custom) Affected: 2.4 , < 2.4.27 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-11292"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Ops Manager",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "2.7.5",
"status": "affected",
"version": "2.7",
"versionType": "custom"
},
{
"lessThan": "2.6.16",
"status": "affected",
"version": "2.6",
"versionType": "custom"
},
{
"lessThan": "2.5.24",
"status": "affected",
"version": "2.5",
"versionType": "custom"
},
{
"lessThan": "2.4.27",
"status": "affected",
"version": "2.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat\u2019s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Inclusion of Sensitive Information in Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-08T23:55:12",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-11292"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Pivotal Ops Manager logs query parameters in tomcat access file",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-01-08T22:57:26.000Z",
"ID": "CVE-2019-11292",
"STATE": "PUBLIC",
"TITLE": "Pivotal Ops Manager logs query parameters in tomcat access file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Ops Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.7",
"version_value": "2.7.5"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.6",
"version_value": "2.6.16"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.5",
"version_value": "2.5.24"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.4",
"version_value": "2.4.27"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat\u2019s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Inclusion of Sensitive Information in Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-11292",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11292"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11292",
"datePublished": "2020-01-08T23:55:12.316314Z",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-09-16T18:54:10.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11287 (GCVE-0-2019-11287)
Vulnerability from cvelistv5 – Published: 2019-11-22 23:26 – Updated: 2024-09-16 22:24
VLAI?
Summary
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.
Severity ?
4.5 (Medium)
CWE
- CWE-400 - Denial of Service
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | RabbitMQ for Pivotal Platform |
Affected:
1.16 , < 1.16.7
(custom)
Affected: 1.17 , < 1.17.4 (custom) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-11287"
},
{
"name": "FEDORA-2019-6497f51791",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/"
},
{
"name": "FEDORA-2019-74d2feb5be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
},
{
"name": "RHSA-2020:0078",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0078"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin"
},
{
"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RabbitMQ for Pivotal Platform",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "1.16.7",
"status": "affected",
"version": "1.16",
"versionType": "custom"
},
{
"lessThan": "1.17.4",
"status": "affected",
"version": "1.17",
"versionType": "custom"
}
]
},
{
"product": "RabbitMQ",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "v3.7.21",
"status": "affected",
"version": "3.7",
"versionType": "custom"
},
{
"lessThan": "v3.8.1",
"status": "affected",
"version": "3.8",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The \"X-Reason\" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-19T19:06:18",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-11287"
},
{
"name": "FEDORA-2019-6497f51791",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/"
},
{
"name": "FEDORA-2019-74d2feb5be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
},
{
"name": "RHSA-2020:0078",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0078"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin"
},
{
"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "RabbitMQ Web Management Plugin DoS via heap overflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-11-22T20:51:56.000Z",
"ID": "CVE-2019-11287",
"STATE": "PUBLIC",
"TITLE": "RabbitMQ Web Management Plugin DoS via heap overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RabbitMQ for Pivotal Platform",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "1.16",
"version_value": "1.16.7"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "1.17",
"version_value": "1.17.4"
}
]
}
},
{
"product_name": "RabbitMQ",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "3.7",
"version_value": "v3.7.21"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "3.8",
"version_value": "v3.8.1"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The \"X-Reason\" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-11287",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11287"
},
{
"name": "FEDORA-2019-6497f51791",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/"
},
{
"name": "FEDORA-2019-74d2feb5be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
},
{
"name": "RHSA-2020:0078",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0078"
},
{
"name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin",
"refsource": "MISC",
"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin"
},
{
"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11287",
"datePublished": "2019-11-22T23:26:08.880149Z",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-09-16T22:24:51.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11283 (GCVE-0-2019-11283)
Vulnerability from cvelistv5 – Published: 2019-10-23 15:32 – Updated: 2024-09-17 02:01
VLAI?
Summary
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.
Severity ?
8.8 (High)
CWE
- CWE-532 - Inclusion of Sensitive Information in Log Files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cloud Foundry | SMB Volume |
Affected:
All , < v2.0.3
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11283"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SMB Volume",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v2.0.3",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "CF Deployment",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v12.2.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Inclusion of Sensitive Information in Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T15:32:22",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11283"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Password leak in smbdriver logs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-10-22T23:03:26.802Z",
"ID": "CVE-2019-11283",
"STATE": "PUBLIC",
"TITLE": "Password leak in smbdriver logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SMB Volume",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v2.0.3"
}
]
}
},
{
"product_name": "CF Deployment",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v12.2.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Inclusion of Sensitive Information in Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-11283",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-11283"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11283",
"datePublished": "2019-10-23T15:32:22.206840Z",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-09-17T02:01:09.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11282 (GCVE-0-2019-11282)
Vulnerability from cvelistv5 – Published: 2019-10-23 15:28 – Updated: 2024-09-16 23:26
VLAI?
Summary
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.
Severity ?
4.3 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cloud Foundry | UAA Release |
Affected:
All , < v74.3.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UAA Release",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v74.3.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
},
{
"product": "CF Deployment",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v12.2.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T15:28:24",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11282"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "UAA is vulnerable to a Blind SCIM injection leading to information disclosure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-10-22T00:00:00.000Z",
"ID": "CVE-2019-11282",
"STATE": "PUBLIC",
"TITLE": "UAA is vulnerable to a Blind SCIM injection leading to information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UAA Release",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v74.3.0"
}
]
}
},
{
"product_name": "CF Deployment",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v12.2.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-11282",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-11282"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11282",
"datePublished": "2019-10-23T15:28:24.395096Z",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-09-16T23:26:37.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11281 (GCVE-0-2019-11281)
Vulnerability from cvelistv5 – Published: 2019-10-16 15:23 – Updated: 2024-09-16 19:05
VLAI?
Summary
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.
Severity ?
CWE
- CWE-79 - Cross-site Scripting (XSS) - Generic
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Pivotal | RabbitMQ |
Affected:
prior to v3.7.18
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-11281"
},
{
"name": "FEDORA-2019-6497f51791",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/"
},
{
"name": "FEDORA-2019-74d2feb5be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
},
{
"name": "RHSA-2020:0078",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0078"
},
{
"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RabbitMQ",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "prior to v3.7.18"
}
]
},
{
"product": "RabbitMQ for PCF",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "1.15.x prior to 1.15.13"
},
{
"status": "affected",
"version": "11.16.x prior to 1.16.6"
},
{
"status": "affected",
"version": "1.17.x prior to 1.17.3"
}
]
}
],
"datePublic": "2019-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Cross-site Scripting (XSS) - Generic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-19T19:06:24",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-11281"
},
{
"name": "FEDORA-2019-6497f51791",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/"
},
{
"name": "FEDORA-2019-74d2feb5be",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
},
{
"name": "RHSA-2020:0078",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0078"
},
{
"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "RabbitMQ XSS attack",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-10-15T20:59:25.000Z",
"ID": "CVE-2019-11281",
"STATE": "PUBLIC",
"TITLE": "RabbitMQ XSS attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RabbitMQ",
"version": {
"version_data": [
{
"version_value": "prior to v3.7.18"
}
]
}
},
{
"product_name": "RabbitMQ for PCF",
"version": {
"version_data": [
{
"version_value": "1.15.x prior to 1.15.13"
},
{
"version_value": "11.16.x prior to 1.16.6"
},
{
"version_value": "1.17.x prior to 1.17.3"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Cross-site Scripting (XSS) - Generic"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-11281",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11281"
},
{
"name": "FEDORA-2019-6497f51791",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/"
},
{
"name": "FEDORA-2019-74d2feb5be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
},
{
"name": "RHSA-2020:0078",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0078"
},
{
"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11281",
"datePublished": "2019-10-16T15:23:47.309415Z",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-09-16T19:05:38.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11275 (GCVE-0-2019-11275)
Vulnerability from cvelistv5 – Published: 2019-10-01 14:17 – Updated: 2024-09-17 02:57
VLAI?
Summary
Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed. The malicious user can possibly gain access to a usage report that requires a higher privilege.
Severity ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Apps Manager |
Affected:
670 , < 670.0.7
(custom)
Affected: 669 , < 669.0.13 (custom) Affected: 668 , < 668.0.21 (custom) Affected: 667 , < 667.0.22 (custom) Affected: 666 , < 666.0.36 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-11275"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apps Manager",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "670.0.7",
"status": "affected",
"version": "670",
"versionType": "custom"
},
{
"lessThan": "669.0.13",
"status": "affected",
"version": "669",
"versionType": "custom"
},
{
"lessThan": "668.0.21",
"status": "affected",
"version": "668",
"versionType": "custom"
},
{
"lessThan": "667.0.22",
"status": "affected",
"version": "667",
"versionType": "custom"
},
{
"lessThan": "666.0.36",
"status": "affected",
"version": "666",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed. The malicious user can possibly gain access to a usage report that requires a higher privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-01T14:17:40",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-11275"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CSV Injection in usage report downloaded from Pivotal Application Manager",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-09-30T18:27:17.000Z",
"ID": "CVE-2019-11275",
"STATE": "PUBLIC",
"TITLE": "CSV Injection in usage report downloaded from Pivotal Application Manager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apps Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "670",
"version_value": "670.0.7"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "669",
"version_value": "669.0.13"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "668",
"version_value": "668.0.21"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "667",
"version_value": "667.0.22"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "666",
"version_value": "666.0.36"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a name such that a csv program can interpret into a formula and gets executed. The malicious user can possibly gain access to a usage report that requires a higher privilege."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-11275",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11275"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11275",
"datePublished": "2019-10-01T14:17:40.183578Z",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-09-17T02:57:24.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11280 (GCVE-0-2019-11280)
Vulnerability from cvelistv5 – Published: 2019-09-20 18:35 – Updated: 2024-09-16 19:20
VLAI?
Summary
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to.
Severity ?
8.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Pivotal Application Service (PAS) |
Affected:
2.3.x prior to 2.3.18
Affected: 2.4.x prior to 2.4.14 Affected: 2.5.x prior to 2.5.10 Affected: 2.6.x prior to 2.6.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-11280"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Application Service (PAS)",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "2.3.x prior to 2.3.18"
},
{
"status": "affected",
"version": "2.4.x prior to 2.4.14"
},
{
"status": "affected",
"version": "2.5.x prior to 2.5.10"
},
{
"status": "affected",
"version": "2.6.x prior to 2.6.5"
}
]
}
],
"datePublic": "2019-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T18:35:17",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-11280"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege escalation through the invitations service",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-09-20T01:05:51.000Z",
"ID": "CVE-2019-11280",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation through the invitations service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Application Service (PAS)",
"version": {
"version_data": [
{
"version_value": "2.3.x prior to 2.3.18"
},
{
"version_value": "2.4.x prior to 2.4.14"
},
{
"version_value": "2.5.x prior to 2.5.10"
},
{
"version_value": "2.6.x prior to 2.6.5"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-11280",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11280"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11280",
"datePublished": "2019-09-20T18:35:17.756215Z",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-09-16T19:20:44.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11276 (GCVE-0-2019-11276)
Vulnerability from cvelistv5 – Published: 2019-08-19 14:49 – Updated: 2024-09-16 16:13
VLAI?
Summary
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent unauthenticated user could eavesdrop on the network traffic and gain access to the unencrypted token allowing the attacker to read the type of access a user has over an app. They may also modify the logging level, potentially leading to lost information that would otherwise have been logged.
Severity ?
5.4 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Pivotal Application Service (PAS) |
Affected:
2.3 , < 2.3.16
(custom)
Affected: 2.4 , < 2.4.12 (custom) Affected: 2.5 , < 2.5.8 (custom) Affected: 2.6 , < 2.6.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-11276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Application Service (PAS)",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "2.3.16",
"status": "affected",
"version": "2.3",
"versionType": "custom"
},
{
"lessThan": "2.4.12",
"status": "affected",
"version": "2.4",
"versionType": "custom"
},
{
"lessThan": "2.5.8",
"status": "affected",
"version": "2.5",
"versionType": "custom"
},
{
"lessThan": "2.6.3",
"status": "affected",
"version": "2.6",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent unauthenticated user could eavesdrop on the network traffic and gain access to the unencrypted token allowing the attacker to read the type of access a user has over an app. They may also modify the logging level, potentially leading to lost information that would otherwise have been logged."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-19T14:49:27",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-11276"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apps Manager sends tokens to Spring apps via HTTP",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-08-16T19:23:14.737Z",
"ID": "CVE-2019-11276",
"STATE": "PUBLIC",
"TITLE": "Apps Manager sends tokens to Spring apps via HTTP"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Application Service (PAS)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.3",
"version_value": "2.3.16"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.4",
"version_value": "2.4.12"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.5",
"version_value": "2.5.8"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.6",
"version_value": "2.6.3"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent unauthenticated user could eavesdrop on the network traffic and gain access to the unencrypted token allowing the attacker to read the type of access a user has over an app. They may also modify the logging level, potentially leading to lost information that would otherwise have been logged."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-11276",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11276"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11276",
"datePublished": "2019-08-19T14:49:27.910651Z",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-09-16T16:13:54.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11270 (GCVE-0-2019-11270)
Vulnerability from cvelistv5 – Published: 2019-08-05 16:21 – Updated: 2024-09-17 04:19
VLAI?
Summary
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
Severity ?
7.3 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloud Foundry | UAA Release (OSS) |
Affected:
prior to v73.4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11270"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-11270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UAA Release (OSS)",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "prior to v73.4.0"
}
]
}
],
"datePublic": "2019-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the \u0027clients.write\u0027 authority or scope can bypass the restrictions imposed on clients created via \u0027clients.write\u0027 and create clients with arbitrary scopes that the creator does not possess."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:50:49",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11270"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-11270"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "UAA clients.write vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-08-01T00:00:00.000Z",
"ID": "CVE-2019-11270",
"STATE": "PUBLIC",
"TITLE": "UAA clients.write vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UAA Release (OSS)",
"version": {
"version_data": [
{
"version_value": "prior to v73.4.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the \u0027clients.write\u0027 authority or scope can bypass the restrictions imposed on clients created via \u0027clients.write\u0027 and create clients with arbitrary scopes that the creator does not possess."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-11270",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-11270"
},
{
"name": "https://pivotal.io/security/cve-2019-11270",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11270"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11270",
"datePublished": "2019-08-05T16:21:54.798114Z",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-09-17T04:19:01.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11273 (GCVE-0-2019-11273)
Vulnerability from cvelistv5 – Published: 2019-07-23 22:34 – Updated: 2024-09-16 18:04
VLAI?
Summary
Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information.
Severity ?
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Pivotal Container Service (PKS) |
Affected:
1.3.x prior to 1.3.7
Affected: 1.4.x prior to 1.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/CVE-2019-11273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Container Service (PKS)",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "1.3.x prior to 1.3.7"
},
{
"status": "affected",
"version": "1.4.x prior to 1.4.1"
}
]
}
],
"datePublic": "2019-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-23T22:34:08",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/CVE-2019-11273"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PKS Telemetry logs credentials",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-07-23T16:37:35.385Z",
"ID": "CVE-2019-11273",
"STATE": "PUBLIC",
"TITLE": "PKS Telemetry logs credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Container Service (PKS)",
"version": {
"version_data": [
{
"version_value": "1.3.x prior to 1.3.7"
},
{
"version_value": "1.4.x prior to 1.4.1"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/CVE-2019-11273",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/CVE-2019-11273"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11273",
"datePublished": "2019-07-23T22:34:08.022548Z",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-09-16T18:04:10.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3794 (GCVE-0-2019-3794)
Vulnerability from cvelistv5 – Published: 2019-07-18 15:47 – Updated: 2024-09-16 16:28
VLAI?
Summary
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.
Severity ?
6.5 (Medium)
CWE
- CWE-284 - Improper Access Control - Generic
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloud Foundry | UAA Release (OSS) |
Affected:
All , < v73.4.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3794"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UAA Release (OSS)",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v73.4.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA\u0027s frontend sites."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control - Generic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-18T15:47:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3794"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "UAA - Login app subject to clickjacking attack",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-07-09T00:00:00.000Z",
"ID": "CVE-2019-3794",
"STATE": "PUBLIC",
"TITLE": "UAA - Login app subject to clickjacking attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UAA Release (OSS)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v73.4.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA\u0027s frontend sites."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control - Generic"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-3794",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3794"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3794",
"datePublished": "2019-07-18T15:47:00.225600Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T16:28:44.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11268 (GCVE-0-2019-11268)
Vulnerability from cvelistv5 – Published: 2019-07-11 18:11 – Updated: 2024-09-17 03:13
VLAI?
Summary
Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloud Foundry | UAA Release (OSS) |
Affected:
prior to v73.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11268"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UAA Release (OSS)",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "prior to v73.3.0"
}
]
}
],
"datePublic": "2019-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T18:11:36",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-11268"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "UAA SQL Identity Zone Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-06-27T23:26:15.000Z",
"ID": "CVE-2019-11268",
"STATE": "PUBLIC",
"TITLE": "UAA SQL Identity Zone Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UAA Release (OSS)",
"version": {
"version_data": [
{
"version_value": "prior to v73.3.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-11268",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-11268"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11268",
"datePublished": "2019-07-11T18:11:36.916271Z",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-09-17T03:13:54.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3787 (GCVE-0-2019-3787)
Vulnerability from cvelistv5 – Published: 2019-06-19 22:28 – Updated: 2024-09-16 21:57
VLAI?
Summary
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account.
Severity ?
8.3 (High)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloud Foundry | UAA Release (OSS) |
Affected:
All , < v73.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UAA Release (OSS)",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v73.0.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending \u201cunknown.org\u201d to a user\u0027s email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user\u0027s account."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840: Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-19T22:28:07",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3787"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "UAA defaults email address to an insecure domain",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-05-14T00:00:00.000Z",
"ID": "CVE-2019-3787",
"STATE": "PUBLIC",
"TITLE": "UAA defaults email address to an insecure domain"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UAA Release (OSS)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v73.0.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending \u201cunknown.org\u201d to a user\u0027s email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user\u0027s account."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840: Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-3787",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3787"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3787",
"datePublished": "2019-06-19T22:28:07.316424Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T21:57:57.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11269 (GCVE-0-2019-11269)
Vulnerability from cvelistv5 – Published: 2019-06-12 14:46 – Updated: 2024-09-16 23:11
VLAI?
Summary
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code.
Severity ?
4.2 (Medium)
CWE
- CWE-601 - Open Redirect
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Security OAuth |
Affected:
2.2 , < v2.2.5.RELEASE
(custom)
Affected: 2.1 , < v2.1.5.RELEASE (custom) Affected: 2.0 , < v2.0.18.RELEASE (custom) Affected: 2.3 , < v2.3.6.RELEASE (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-11269"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Security OAuth",
"vendor": "Spring",
"versions": [
{
"lessThan": "v2.2.5.RELEASE",
"status": "affected",
"version": "2.2",
"versionType": "custom"
},
{
"lessThan": "v2.1.5.RELEASE",
"status": "affected",
"version": "2.1",
"versionType": "custom"
},
{
"lessThan": "v2.0.18.RELEASE",
"status": "affected",
"version": "2.0",
"versionType": "custom"
},
{
"lessThan": "v2.3.6.RELEASE",
"status": "affected",
"version": "2.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: Open Redirect",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:00",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-11269"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Open Redirector in spring-security-oauth2",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-05-30T00:00:00.000Z",
"ID": "CVE-2019-11269",
"STATE": "PUBLIC",
"TITLE": "Open Redirector in spring-security-oauth2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Security OAuth",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.2",
"version_value": "v2.2.5.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.1",
"version_value": "v2.1.5.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.0",
"version_value": "v2.0.18.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.3",
"version_value": "v2.3.6.RELEASE"
}
]
}
}
]
},
"vendor_name": "Spring"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://pivotal.io/security/cve-2019-11269",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11269"
},
{
"name": "http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11269",
"datePublished": "2019-06-12T14:46:18.601170Z",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-09-16T23:11:41.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3790 (GCVE-0-2019-3790)
Vulnerability from cvelistv5 – Published: 2019-06-06 19:16 – Updated: 2024-09-16 22:20
VLAI?
Summary
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources.
Severity ?
6.1 (Medium)
CWE
- CWE-324 - Use of a Key Past its Expiration Date
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Pivotal Ops Manager |
Affected:
2.3 , < 2.3.16
(custom)
Affected: 2.4 , < 2.4.11 (custom) Affected: 2.2 , < 2.2.23 (custom) Affected: 2.5 , < 2.5.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "108512",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108512"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3790"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Ops Manager",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "2.3.16",
"status": "affected",
"version": "2.3",
"versionType": "custom"
},
{
"lessThan": "2.4.11",
"status": "affected",
"version": "2.4",
"versionType": "custom"
},
{
"lessThan": "2.2.23",
"status": "affected",
"version": "2.2",
"versionType": "custom"
},
{
"lessThan": "2.5.3",
"status": "affected",
"version": "2.5",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-324",
"description": "CWE-324: Use of a Key Past its Expiration Date",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T19:17:33",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "108512",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108512"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3790"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Ops Manager uaa client issues tokens after refresh token expiration",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-05-28T13:47:10.000Z",
"ID": "CVE-2019-3790",
"STATE": "PUBLIC",
"TITLE": "Ops Manager uaa client issues tokens after refresh token expiration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Ops Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.3",
"version_value": "2.3.16"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.4",
"version_value": "2.4.11"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.2",
"version_value": "2.2.23"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.5",
"version_value": "2.5.3"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-324: Use of a Key Past its Expiration Date"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "108512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108512"
},
{
"name": "https://pivotal.io/security/cve-2019-3790",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3790"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3790",
"datePublished": "2019-06-06T19:16:16.854483Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T22:20:48.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3802 (GCVE-0-2019-3802)
Vulnerability from cvelistv5 – Published: 2019-06-03 13:47 – Updated: 2024-09-17 00:22
VLAI?
Summary
This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.
Severity ?
CWE
- CWE-155 - Improper Neutralization of Wildcards or Matching Symbols
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Data JPA |
Affected:
2.1 , < 2.1.8.RELEASE
(custom)
Affected: 1.11 , < 1.11.22.RELEASE (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3802"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Data JPA",
"vendor": "Spring",
"versions": [
{
"lessThan": "2.1.8.RELEASE",
"status": "affected",
"version": "2.1",
"versionType": "custom"
},
{
"lessThan": "1.11.22.RELEASE",
"status": "affected",
"version": "1.11",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-155",
"description": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-03T13:47:42",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3802"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Additional information exposure with Spring Data JPA example matcher",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-05-13T00:00:00.000Z",
"ID": "CVE-2019-3802",
"STATE": "PUBLIC",
"TITLE": "Additional information exposure with Spring Data JPA example matcher"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Data JPA",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.1",
"version_value": "2.1.8.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "1.11",
"version_value": "1.11.22.RELEASE"
}
]
}
}
]
},
"vendor_name": "Spring"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-155: Improper Neutralization of Wildcards or Matching Symbols"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-3802",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3802"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3802",
"datePublished": "2019-06-03T13:47:42.791121Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:22:02.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3797 (GCVE-0-2019-3797)
Vulnerability from cvelistv5 – Published: 2019-05-06 15:21 – Updated: 2024-09-16 17:33
VLAI?
Summary
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly.
Severity ?
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Boot |
Affected:
2.0 , < v2.0.9.RELEASE
(custom)
Affected: 1.5 , < v1.5.20.RELEASE (custom) Affected: 2.1 , < v2.1.4.RELEASE (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Boot",
"vendor": "Spring",
"versions": [
{
"lessThan": "v2.0.9.RELEASE",
"status": "affected",
"version": "2.0",
"versionType": "custom"
},
{
"lessThan": "v1.5.20.RELEASE",
"status": "affected",
"version": "1.5",
"versionType": "custom"
},
{
"lessThan": "v2.1.4.RELEASE",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates \u2018startingWith\u2019, \u2018endingWith\u2019 or \u2018containing\u2019 could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-06T15:21:37",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3797"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Additional information exposure with Spring Data JPA derived queries",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-08T00:00:00.000Z",
"ID": "CVE-2019-3797",
"STATE": "PUBLIC",
"TITLE": "Additional information exposure with Spring Data JPA derived queries"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Boot",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.0",
"version_value": "v2.0.9.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "1.5",
"version_value": "v1.5.20.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.1",
"version_value": "v2.1.4.RELEASE"
}
]
}
}
]
},
"vendor_name": "Spring"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates \u2018startingWith\u2019, \u2018endingWith\u2019 or \u2018containing\u2019 could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-3797",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3797"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3797",
"datePublished": "2019-05-06T15:21:37.081031Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:33:03.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3793 (GCVE-0-2019-3793)
Vulnerability from cvelistv5 – Published: 2019-04-24 15:21 – Updated: 2024-09-17 02:42
VLAI?
Summary
Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests.
Severity ?
8.1 (High)
CWE
- CWE-300 - Man-in-the-Middle
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Apps Manager |
Affected:
666 , < 666.0.21
(custom)
Affected: 667 , < 667.0.7 (custom) Affected: 665 , < 665.0.28 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3793"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apps Manager",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "666.0.21",
"status": "affected",
"version": "666",
"versionType": "custom"
},
{
"lessThan": "667.0.7",
"status": "affected",
"version": "667",
"versionType": "custom"
},
{
"lessThan": "665.0.28",
"status": "affected",
"version": "665",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300: Man-in-the-Middle",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-24T15:21:10",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3793"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Invitations Service supports HTTP connections",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-16T15:45:27.000Z",
"ID": "CVE-2019-3793",
"STATE": "PUBLIC",
"TITLE": "Invitations Service supports HTTP connections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apps Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "666",
"version_value": "666.0.21"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "667",
"version_value": "667.0.7"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "665",
"version_value": "665.0.28"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-300: Man-in-the-Middle"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-3793",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3793"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3793",
"datePublished": "2019-04-24T15:21:10.482554Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:42:24.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3792 (GCVE-0-2019-3792)
Vulnerability from cvelistv5 – Published: 2019-04-01 20:54 – Updated: 2024-09-17 01:46
VLAI?
Summary
Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data.
Severity ?
6.8 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3792"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Concourse",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "v5.0.1",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T15:28:52",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3792"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Concourse 5.0.0 SQL Injection vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-03-26T00:00:00.000Z",
"ID": "CVE-2019-3792",
"STATE": "PUBLIC",
"TITLE": "Concourse 5.0.0 SQL Injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Concourse",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v5.0.1"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-3792",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3792"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3792",
"datePublished": "2019-04-01T20:54:47.233626Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:46:43.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3776 (GCVE-0-2019-3776)
Vulnerability from cvelistv5 – Published: 2019-03-07 19:00 – Updated: 2024-09-17 00:11
VLAI?
Summary
Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user's browser.
Severity ?
7.2 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS) - Reflected
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Pivotal Ops Manager |
Affected:
2.2 , < 2.2.16
(custom)
Affected: 2.3 , < 2.3.10 (custom) Affected: 2.4 , < 2.4.3 (custom) Affected: 2.1 , < 2.1.19 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107344",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107344"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pivotal Ops Manager",
"vendor": "Pivotal",
"versions": [
{
"lessThan": "2.2.16",
"status": "affected",
"version": "2.2",
"versionType": "custom"
},
{
"lessThan": "2.3.10",
"status": "affected",
"version": "2.3",
"versionType": "custom"
},
{
"lessThan": "2.4.3",
"status": "affected",
"version": "2.4",
"versionType": "custom"
},
{
"lessThan": "2.1.19",
"status": "affected",
"version": "2.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user\u0027s browser."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Cross-site Scripting (XSS) - Reflected",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-12T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "107344",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107344"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3776"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected XSS in Pivotal Operations Manager",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-02-20T00:00:00.000Z",
"ID": "CVE-2019-3776",
"STATE": "PUBLIC",
"TITLE": "Reflected XSS in Pivotal Operations Manager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Ops Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.2",
"version_value": "2.2.16"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.3",
"version_value": "2.3.10"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.4",
"version_value": "2.4.3"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "2.1",
"version_value": "2.1.19"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with malicious content could execute arbitrary JavaScript in the user\u0027s browser."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Cross-site Scripting (XSS) - Reflected"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107344"
},
{
"name": "https://pivotal.io/security/cve-2019-3776",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3776"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3776",
"datePublished": "2019-03-07T19:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:11:48.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}