All Vulnerability Reports

CVE-2019-11273: PKS Telemetry logs credentials


Severity

Low

Vendor

Pivotal Cloud Foundry

Description

Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information.

Affected VMware Products and Versions

Severity is low unless otherwise noted.

  • Pivotal Container Service versions 1.3.x prior to 1.3.7
  • Pivotal Container Service versions 1.4.x prior to 1.4.1

Mitigation

Users of affected versions should apply the following mitigation:

  • Pivotal Container Service
    • 1.3.7
    • 1.4.1

References

History

2019-07-18: Initial vulnerability report published