CVE-2019-11293

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-11293

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11293.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-11293

Published

2019-12-06T20:15:09.577Z

Modified

2026-04-10T04:14:10.271648Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.

References

https://www.cloudfoundry.org/blog/cve-2019-11293

Affected packages

Git / github.com/cloudfoundry/cf-deployment

Affected ranges

Type

GIT

Repo

https://github.com/cloudfoundry/cf-deployment

Events

Introduced

Fixed

a0e7108a5d9fed657e1af33372d33dd5982ca7a5

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.12.0"
        }
    ]
}

Type

GIT

Repo

https://github.com/cloudfoundry/uaa

Events

Introduced

Fixed

dbd21b6d4b502f8e5b110d603e64d73adcaf3f83

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "74.10.0"
        }
    ]
}

Affected versions

1.*

1.0.1

1.0.3

1.1

1.1.1

1.1.2

1.2.0

1.2.6

1.4.0

1.4.1

1.4.2

1.4.3

1.4.5

1.4.6

1.4.7

1.5.0

1.5.2

1.5.2.1

1.5.3

1.5.4

1.5.4.1

1.6.1

1.6.2

1.8.0

4.*

4.10.0

4.11.0

4.12.0

4.15.0

4.16.0

4.17.0

4.18.0

4.19.0

4.20.0

4.21.0

4.22.0

4.23.0

4.24.0

4.25.0

4.26.0

4.27.0

4.28.0

4.29.0

4.30.0

4.31.0

4.35.0

4.9.0

releases/4.*

releases/4.15.0

Other

travis-success-1475

travis-success-1478

travis-success-1497

v0.*

v0.0.0

v0.0.1

v0.0.2

v0.1.0

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.2.0

v0.2.1

v0.2.2

v0.28.0

v0.29.0

v0.3.0

v0.30.0

v0.31.0

v0.32.0

v0.33.0

v0.34.0

v0.35.0

v0.36.0

v0.37.0

v0.5.0

v0.7.0

v0.8.0

v0.9.0

v0.9.1

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.16.0

v1.17.0

v1.18.0

v1.19.0

v1.2.0

v1.20.0

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.26.0

v1.27.0

v1.28.0

v1.29.0

v1.3.0

v1.30.0

v1.31.0

v1.32.0

v1.33.0

v1.34.0

v1.35.0

v1.36.0

v1.37.0

v1.38.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0

v10.*

v10.0.0

v10.1.0

v11.*

v11.0.0

v11.1.0

v11.2.0

v12.*

v12.0.0

v12.1.0

v12.10.0

v12.11.0

v12.2.0

v12.3.0

v12.4.0

v12.5.0

v12.6.0

v12.7.0

v12.8.0

v12.9.0

v2.*

v2.0.0

v2.1.0

v2.2.0

v2.3.0

v2.4.0

v2.5.0

v3.*

v3.0.0

v3.1.0

v3.2.0

v3.3.0

v3.4.0

v3.5.0

v3.6.0

v4.*

v4.0.0

v4.1.0

v4.2.0

v4.3.0

v4.4.0

v4.5.0

v5.*

v5.0.0

v5.1.0

v5.3.0

v5.4.0

v5.5.0

v6.*

v6.0.0

v6.1.0

v6.10.0

v6.2.0

v6.3.0

v6.4.0

v6.5.0

v6.6.0

v6.7.0

v6.8.0

v6.9.0

v7.*

v7.0.0

v7.1.0

v7.2.0

v7.3.0

v7.4.0

v7.5.0

v7.6.0

v7.8.0

v7.9.0

v73.*

v73.7.0

v74.*

v74.0.0

v74.1.0

v74.2.0

v74.3.0

v74.4.0

v74.5.0

v74.6.0

v74.7.0

v74.8.0

v74.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11293.json"