CVE-2019-11290
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-11290
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11290.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-11290
- Published
- 2019-11-26T00:15:11.547Z
- Modified
- 2025-12-01T10:22:03.642290Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
- References
Affected packages
Git / github.com/cloudfoundry/cf-deployment
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cloudfoundry/cf-deployment
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.0.0
v0.0.1
v0.0.2
v0.1.0
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.2.0
v0.2.1
v0.2.2
v0.20.0
v0.21.0
v0.22.0
v0.23.0
v0.24.0
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.29.0
v0.3.0
v0.30.0
v0.31.0
v0.32.0
v0.32.1
v0.33.0
v0.34.0
v0.35.0
v0.36.0
v0.37.0
v0.4.0
v0.5.0
v0.7.0
v0.8.0
v0.9.0
v0.9.1
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.29.0
v1.3.0
v1.3.1
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.34.0
v1.35.0
v1.36.0
v1.37.0
v1.38.0
v1.39.0
v1.4.0
v1.40.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0
v10.*
v10.0.0
v10.1.0
v11.*
v11.0.0
v11.1.0
v11.2.0
v12.*
v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.4.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v12.9.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v2.8.0
v2.9.0
v3.*
v3.0.0
v3.1.0
v3.2.0
v3.3.0
v3.4.0
v3.5.0
v3.6.0
v4.*
v4.0.0
v4.1.0
v4.2.0
v4.3.0
v4.4.0
v4.5.0
v5.*
v5.0.0
v5.1.0
v5.2.0
v5.3.0
v5.4.0
v5.5.0
v6.*
v6.0.0
v6.1.0
v6.10.0
v6.2.0
v6.3.0
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.9.0
v7.*
v7.0.0
v7.1.0
v7.10.0
v7.11.0
v7.2.0
v7.3.0
v7.4.0
v7.5.0
v7.6.0
v7.8.0
v7.9.0
v8.*
v8.0.0
v8.1.0
v9.*
v9.0.0
v9.1.0
v9.2.0
v9.3.0
v9.4.0
v9.5.0
Git / github.com/cloudfoundry/uaa
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cloudfoundry/uaa
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0.1
1.0.2
1.0.3
1.1
1.1.1
1.1.2
1.10
1.11
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.5.0
1.5.2
1.5.2.1
1.5.3
1.5.4
1.5.4.1
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.7.0
1.7.1
1.7.2
1.8.0
1.8.1
1.8.2
1.8.3
1.9.0
1.9.1
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.2.0
2.2.4
2.2.4.1
2.2.5
2.2.6
2.3.0
2.3.1
2.3.1.1
2.4.0
2.4.1
2.5.0
2.5.1
2.5.2
2.6.0
2.6.1
2.6.2
2.7.0
2.7.0.1
2.7.0.2
2.7.0.3
2.7.1
2.7.2
2.7.3
3.*
3.0.0
3.0.1
3.1.0
3.10.0
3.11.0
3.12.0
3.13.0
3.14.0
3.15.0
3.16.0
3.2.0
3.2.1
3.3.0
3.3.0.1
3.4.0
3.4.1
3.4.2
3.5.0
3.6.0
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.8.0
3.9.0
3.9.1
3.9.2
3.9.3
4.*
4.0.0
4.1.0
4.10.0
4.11.0
4.12.0
4.12.1
4.13.0
4.13.1
4.13.2
4.13.3
4.13.4
4.14.0
4.15.0
4.16.0
4.17.0
4.18.0
4.19.0
4.2.0
4.20.0
4.21.0
4.22.0
4.23.0
4.24.0
4.25.0
4.26.0
4.27.0
4.28.0
4.29.0
4.3.0
4.30.0
4.31.0
4.35.0
4.4.0
4.5.0
4.6.0
4.6.1
4.7.0
4.7.1
4.7.2
4.8.0
4.8.1
4.8.2
4.8.3
4.9.0
Other
lenient_hybrid_flow
travis-success-1475
travis-success-1478
travis-success-1497
releases/4.*
releases/4.15.0
v73.*
v73.7.0
v74.*
v74.0.0
v74.1.0
v74.2.0
v74.3.0
v74.4.0
v74.5.0
v74.6.0
v74.7.0