Lucene search
PivotalCVELIST:CVE-2019-11284HistoryOct 17, 2019 - 5:40 p.m.
CVE-2019-11284 Reactor Netty authentication leak in redirects
2019-10-1717:40:12
CWE-522
pivotal
www.cve.org
1
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
AI Score
8.8
Confidence
High
EPSS
0.002
Percentile
59.7%
Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to.
CNA Affected
[
{
"product": "Reactor Netty",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "prior to v0.8.11.RELEASE"
}
]
}
]References
Related
osv
osv
Insufficiently Protected Credentials in Pivotal Reactor Netty
2019-10-23 14:14:32
CVE-2019-11284
2019-10-17 18:15:12
cve
cve
CVE-2019-11284
2019-10-17 18:15:12
veracode
veracode
Information Disclosure
2019-10-18 03:27:50
prion
prion
Authorization
2019-10-17 18:15:00
github
github
Insufficiently Protected Credentials in Pivotal Reactor Netty
2019-10-23 14:14:32
nvd
nvd
CVE-2019-11284
2019-10-17 18:15:12
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
AI Score
8.8
Confidence
High
EPSS
0.002
Percentile
59.7%
Related for CVELIST:CVE-2019-11284