Design/Logic Flaw

2019-06-1900:15:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.

CPENameOperatorVersion
boshge270.0.0
boshlt270.1.1

CPE	Name	Operator	Version
	bosh	ge	270.0.0
	bosh	lt	270.1.1

References

www.cloudfoundry.org/blog/cve-2019-11271