First published: Mon Sep 23 2019
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, allowing that developer to cause a denial of service or perform a dictionary attack.
Credit: security@pivotal.io
Affected Software | Affected Version | How to fix |
---|---|---|
Cloudfoundry Cf-deployment | <11.1.0 | |
Cloudfoundry Nfs Volume Release | >=1.7.0, <1.7.11 | |
Cloudfoundry Nfs Volume Release | >=2.0.0, <2.3.0 | |
The vulnerability ID for this vulnerability is CVE-2019-11277.
CVE-2019-11277 has a severity level of high.
Versions 1.7.x (prior to 1.7.11) and 2.x (prior to 2.3.0) of Cloud Foundry NFS Volume Service are affected by CVE-2019-11277.
A remote authenticated malicious space developer can exploit CVE-2019-11277 by injecting LDAP filters via service instance creation, potentially leading to denial of service.
More information about CVE-2019-11277 can be found at https://www.cloudfoundry.org/blog/cve-2019-11277.
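An added example (not code from Cloud Foundry or from this advisory) of the standard mitigation for LDAP filter injection: escaping a user-supplied value per RFC 4515 before it is placed in a search filter. The `username` parameter, the `uid` attribute, the 64-byte length limit and the function names are assumptions for illustration; the advisory does not say which field is affected.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeFilterValue applies RFC 4515 escaping to a value that will be placed
// inside an LDAP search filter assertion. The five special bytes are replaced
// by a backslash and two hex digits, so they can no longer act as filter syntax.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// userFilter builds the lookup filter for exactly one account.
// Assumption: the attribute name (uid), the objectClass and the length limit
// are hypothetical; adjust them to the directory schema in use.
func userFilter(username string) (string, error) {
	if username == "" || len(username) > 64 {
		return "", fmt.Errorf("username length out of range")
	}
	return "(&(objectClass=person)(uid=" + escapeFilterValue(username) + "))", nil
}

func main() {
	// Constructed sample inputs: a plain name and two values that carry
	// filter metacharacters (wildcard, parentheses).
	for _, u := range []string{"alice", "a*", "x)(uid=*"} {
		f, err := userFilter(u)
		fmt.Printf("%q -> %s (err=%v)\n", u, f, err)
	}
}
```

After escaping, the filter always contains the same three opening parentheses and no wildcard, whatever the input, so the value is only ever compared as a literal.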