PKS Telemetry logs credentials
CVE-2019-11273

2.2LOW

Key Information:

Vendor

Pivotal

Vendor
CVE Published:
23 July 2019

What is CVE-2019-11273?

Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information.

Affected Version(s)

Pivotal Container Service (PKS) 1.3.x prior to 1.3.7

Pivotal Container Service (PKS) 1.4.x prior to 1.4.1

References

CVSS V3.1

Score:
2.2
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
2.2
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.