3 matches found
CVE-2019-11294
Cloud Foundry Cloud Controller API CAPI, version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins...
CVE-2019-11294 CAPI leaks service broker URLs and GUIDs to space developers
Cloud Foundry Cloud Controller API CAPI, version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins...
CVE-2019-11294
Summary: CVE-2019-11294 affects Cloud Foundry Cloud Controller API (CAPI) version 1.88.0, where space developers can list all global service brokers, exposing broker URLs and GUIDs that should be admin-only. The issue is a disclosure/Access Control problem within CAPI, enabling unauthorized visib...