CAPI leaks service broker URLs and GUIDs to space developers
CVE-2019-11294

4.3MEDIUM

Key Information:

Vendor: Cloud Foundry
Status: Capi
Vendor: CVE Published:; 19 December 2019

🔔 Create Cloud Foundry Vulnerability Alert

What is CVE-2019-11294?

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.

Affected Version(s)

CAPI 1.88.0

References

https://www.cloudfoundry.org/blog/cve-2019-11294

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2019
Vulnerability Reserved
Apr 18, 2019

CVE-2019-11294 Data

JSON