CVE-2019-11294
19.12.2019, 20:15
Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.Enginsight
| Vendor | Product | Version |
|---|---|---|
| cloudfoundry | capi-release | 1.88.0 |
| cloudfoundry | cf-deployment | 𝑥 < 12.7.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.