CVE-2019-11273 - Vulnerability Details - OpenCVE

Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pivotal Software	Pivotal Container Service

Configuration 1 [-]

OR	cpe:2.3:a:pivotal_software:pivotal_container_service::::::::
	cpe:2.3:a:pivotal_software:pivotal_container_service::::::::

No data.

References

Link	Providers
https://pivotal.io/security/CVE-2019-11273

History

No history.

MITRE

Status: PUBLISHED

Assigner: pivotal

Published: 2019-07-23T22:34:08.022548Z

Updated: 2024-09-16T18:04:10.968Z

Reserved: 2019-04-18T00:00:00

Link: CVE-2019-11273

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-23T23:15:36.210

Modified: 2024-11-21T04:20:49.820

Link: CVE-2019-11273

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Pivotal Container Service (PKS)", "vendor": "Pivotal", "versions": [{"status": "affected", "version": "1.3.x prior to 1.3.7"}, {"status": "affected", "version": "1.4.x prior to 1.4.1"}]}], "datePublic": "2019-07-23T00:00:00", "descriptions": [{"lang": "en", "value": "Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532: Information Exposure Through Log Files", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-07-23T22:34:08", "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03", "shortName": "pivotal"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/CVE-2019-11273"}], "source": {"discovery": "UNKNOWN"}, "title": "PKS Telemetry logs credentials", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@pivotal.io", "DATE_PUBLIC": "2019-07-23T16:37:35.385Z", "ID": "CVE-2019-11273", "STATE": "PUBLIC", "TITLE": "PKS Telemetry logs credentials"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Pivotal Container Service (PKS)", "version": {"version_data": [{"version_value": "1.3.x prior to 1.3.7"}, {"version_value": "1.4.x prior to 1.4.1"}]}}]}, "vendor_name": "Pivotal"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532: Information Exposure Through Log Files"}]}]}, "references": {"reference_data": [{"name": "https://pivotal.io/security/CVE-2019-11273", "refsource": "CONFIRM", "url": "https://pivotal.io/security/CVE-2019-11273"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:48:09.025Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pivotal.io/security/CVE-2019-11273"}]}]}, "cveMetadata": {"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03", "assignerShortName": "pivotal", "cveId": "CVE-2019-11273", "datePublished": "2019-07-23T22:34:08.022548Z", "dateReserved": "2019-04-18T00:00:00", "dateUpdated": "2024-09-16T18:04:10.968Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:pivotal_container_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AB469EF-0404-4034-BD87-688958CBED08", "versionEndExcluding": "1.3.7", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:pivotal_container_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "543D1867-2091-47A0-AAC3-1D7D054360A0", "versionEndExcluding": "1.4.1", "versionStartIncluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information."}, {"lang": "es", "value": "Pivotal Container Services (PKS) versiones 1.3.x anteriores a 1.3.7, y versiones 1.4.x anteriores a 1.4.1, contienen un componente vulnerable que registra el nombre de usuario y la contrase\u00f1a en la base de datos de facturaci\u00f3n. Un usuario autenticado remoto con acceso a esos registros puede recuperar informaci\u00f3n no confidencial."}], "id": "CVE-2019-11273", "lastModified": "2024-11-21T04:20:49.820", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "security@pivotal.io", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-23T23:15:36.210", "references": [{"source": "security@pivotal.io", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/CVE-2019-11273"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/CVE-2019-11273"}], "sourceIdentifier": "security@pivotal.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "security@pivotal.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}