CVE-2019-11294

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-11294

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11294.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-11294

Published

2019-12-19T20:15:12.347Z

Modified

2026-04-10T04:14:10.752885Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.

References

https://www.cloudfoundry.org/blog/cve-2019-11294

Affected packages

Git / github.com/cloudfoundry/capi-release

Affected ranges

Type

GIT

Repo

https://github.com/cloudfoundry/capi-release

Events

Introduced

Last affected

a07fb02608701a6c83468454cc00f6572d63e5fe

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.88.0"
        }
    ]
}

Type

GIT

Repo

https://github.com/cloudfoundry/cf-deployment

Events

Introduced

Fixed

1a093d5ba2c33568a44043e3420f61b9fb29da9f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.7.0"
        }
    ]
}

Affected versions

1.*

1.0.0

1.1.0

1.10.0

1.11.0

1.12.0

1.13.0

1.14.0

1.15.0

1.16.0

1.19.0

1.2.0

1.20.0

1.21.0

1.22.0

1.23.0

1.24.0

1.25.0

1.26.0

1.27.0

1.28.0

1.3.0

1.30.0

1.31.0

1.32.0

1.33.0

1.34.0

1.35.0

1.36.0

1.38.0

1.4.0

1.40.0

1.41.0

1.42.0

1.46.0

1.47.0

1.49.0

1.5.0

1.50.0

1.51.0

1.52.0

1.53.0

1.55.0

1.57.0

1.58.0

1.59.0

1.6.0

1.62.0

1.63.0

1.64.0

1.65.0

1.66.0

1.67.0

1.69.0

1.7.0

1.70.0

1.72.0

1.74.0

1.75.0

1.76.0

1.77.0

1.79.0

1.8.0

1.80.0

1.82.0

1.83.0

1.84.0

1.85.0

1.86.0

1.87.0

1.88.0

1.9.0

Other

list

v0.*

v0.0.0

v0.0.1

v0.0.2

v0.1.0

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.2.0

v0.2.1

v0.2.2

v0.28.0

v0.29.0

v0.3.0

v0.30.0

v0.31.0

v0.32.0

v0.33.0

v0.34.0

v0.35.0

v0.36.0

v0.37.0

v0.5.0

v0.7.0

v0.8.0

v0.9.0

v0.9.1

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.16.0

v1.17.0

v1.18.0

v1.19.0

v1.2.0

v1.20.0

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.26.0

v1.27.0

v1.28.0

v1.29.0

v1.3.0

v1.30.0

v1.31.0

v1.32.0

v1.33.0

v1.34.0

v1.35.0

v1.36.0

v1.37.0

v1.38.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0

v10.*

v10.0.0

v10.1.0

v11.*

v11.0.0

v11.1.0

v11.2.0

v12.*

v12.0.0

v12.1.0

v12.2.0

v12.3.0

v12.4.0

v12.5.0

v12.6.0

v2.*

v2.0.0

v2.1.0

v2.2.0

v2.3.0

v2.4.0

v2.5.0

v3.*

v3.0.0

v3.1.0

v3.2.0

v3.3.0

v3.4.0

v3.5.0

v3.6.0

v4.*

v4.0.0

v4.1.0

v4.2.0

v4.3.0

v4.4.0

v4.5.0

v5.*

v5.0.0

v5.1.0

v5.3.0

v5.4.0

v5.5.0

v6.*

v6.0.0

v6.1.0

v6.10.0

v6.2.0

v6.3.0

v6.4.0

v6.5.0

v6.6.0

v6.7.0

v6.8.0

v6.9.0

v7.*

v7.0.0

v7.1.0

v7.2.0

v7.3.0

v7.4.0

v7.5.0

v7.6.0

v7.8.0

v7.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11294.json"