CVE-2019-11271 is a vulnerability in Pivotal Software Bosh
Published on June 19, 2019
Bosh Deployment logs leak sensitive information
Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Director that does not properly redact credentials when configured to use a MySQL database. A local authenticated malicious user may read any credentials that are contained in a BOSH manifest.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2019-11271
Want to know whenever a new CVE is published for Pivotal Software Bosh? stack.watch will email you.
Affected Versions
Cloud Foundry BOSH:- Version 270 and below v270.1.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.