PKS Telemetry logs credentials
CVE-2019-11273
2.2LOW
What is CVE-2019-11273?
Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information.
Affected Version(s)
Pivotal Container Service (PKS) 1.3.x prior to 1.3.7
Pivotal Container Service (PKS) 1.4.x prior to 1.4.1
References
CVSS V3.1
Score:
2.2
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
CVSS V3.0
Score:
2.2
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
