CVE-2019-11273: PKS Telemetry logs credentials
Severity
Low
Vendor
Pivotal Cloud Foundry
Description
Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information.
Affected VMware Products and Versions
Severity is low unless otherwise noted.
- Pivotal Container Service versions 1.3.x prior to 1.3.7
- Pivotal Container Service versions 1.4.x prior to 1.4.1
Mitigation
Users of affected versions should apply the following mitigation:
- Pivotal Container Service
- 1.3.7
- 1.4.1
References
History
2019-07-18: Initial vulnerability report published