CVE-2019-11283

Password leak in smbdriver logs

CVSS 8.8 HIGHEPSS 1.5%CWE-532

Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Cloud Foundry · CF Deployment Cloud Foundry · SMB Volume

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.cloudfoundry.org/blog/cve-2019-11283