CVE-2019-11283: Password leak in smbdriver logs
First published: Wed Oct 23 2019(Updated: )
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.
Credit: security@pivotal.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudfoundry Cf-deployment | <12.2.0 | |
| Pivotal Software Cloud Foundry Smb Volume | <2.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-11283?
CVE-2019-11283 is a vulnerability in Cloud Foundry SMB Volume, versions prior to v2.0.3, that accidentally outputs sensitive information to the logs.
How does CVE-2019-11283 affect Cloud Foundry SMB Volume?
CVE-2019-11283 allows a remote user with access to the SMB Volume logs to discover the username and password for recently created volumes, potentially allowing them to take control of the SMB Volume.
What is the severity of CVE-2019-11283?
CVE-2019-11283 has a severity score of 8.8, which is considered high.
How can I fix CVE-2019-11283?
To fix CVE-2019-11283, upgrade to Cloud Foundry SMB Volume v2.0.3 or higher.
Where can I find more information about CVE-2019-11283?
You can find more information about CVE-2019-11283 on the Cloud Foundry website at https://www.cloudfoundry.org/blog/cve-2019-11283.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cloudfoundry
- canonical/cloudfoundry cf-deployment
- vendor/pivotal software
- canonical/pivotal software cloud foundry smb volume