CVE-2019-11273: PKS Telemetry logs credentials
Pivotal Cloud Foundry
Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information.
Affected VMware Products and Versions
Severity is low unless otherwise noted.
- Pivotal Container Service versions 1.3.x prior to 1.3.7
- Pivotal Container Service versions 1.4.x prior to 1.4.1
Users of affected versions should apply the following mitigation:
- Pivotal Container Service
2019-07-18: Initial vulnerability report published