CVE-2019-11276

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent unauthenticated user could eavesdrop on the network traffic and gain access to the unencrypted token allowing the attacker to read the type of access a user has over an app. They may also modify the logging level, potentially leading to lost information that would otherwise have been logged.

CVSS v3 5.4 MEDIUM
CVSS v2.0 4.8 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 6.5 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://pivotal.io/security/cve-2019-11276	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pivotal_software:application_service::::::::
	cpe:2.3:a:pivotal_software:application_service::::::::
	cpe:2.3:a:pivotal_software:application_service::::::::
	cpe:2.3:a:pivotal_software:application_service::::::::

History

No history.

Information

Published : 2019-08-19 15:15

Updated : 2023-12-10 12:59

NVD link : CVE-2019-11276

Mitre link : CVE-2019-11276

CVE.ORG link : CVE-2019-11276

JSON object : View

Products Affected

pivotal_software

application_service

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2019-11276", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "security@pivotal.io", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2019-08-19T15:15:11.280", "references": [{"url": "https://pivotal.io/security/cve-2019-11276", "tags": ["Vendor Advisory"], "source": "security@pivotal.io"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "security@pivotal.io", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent unauthenticated user could eavesdrop on the network traffic and gain access to the unencrypted token allowing the attacker to read the type of access a user has over an app. They may also modify the logging level, potentially leading to lost information that would otherwise have been logged."}, {"lang": "es", "value": "Pivotal Apps Manager, incluido en Pivotal Application Service versiones 2.3.x anteriores a 2.3.16, versiones 2.4.x anteriores a 2.4.12, versiones 2.5.x anteriores a 2.5.8, y versiones 2.6.x anteriores a 2.6.3, realiza una petici\u00f3n al endpoint /cloudapplication por medio del actuador Spring, y las peticiones subsiguientes por medio de http no asegurado. Un usuario no autenticado adyacente podr\u00eda detectar el tr\u00e1fico de la red y conseguir acceso al token no cifrado que permite al atacante leer el tipo de acceso que presenta un usuario por medio de una aplicaci\u00f3n. Tambi\u00e9n pueden modificar el nivel de registro, lo que podr\u00eda conllevar a la p\u00e9rdida de informaci\u00f3n que de otra manera se habr\u00eda registrado."}], "lastModified": "2020-10-16T13:22:39.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:application_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAFBBB99-898B-42F2-AE5C-5807F51FEE73", "versionEndExcluding": "2.3.16", "versionStartIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:pivotal_software:application_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B12C041E-2AC9-44AB-9526-8888C717DEF4", "versionEndExcluding": "2.4.12", "versionStartIncluding": "2.4.0"}, {"criteria": "cpe:2.3:a:pivotal_software:application_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE83BAAB-D83A-4E7B-8E65-946A11F314B4", "versionEndExcluding": "2.5.8", "versionStartIncluding": "2.5.0"}, {"criteria": "cpe:2.3:a:pivotal_software:application_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8822F855-AAF9-41E6-A2F7-A34195A3998B", "versionEndExcluding": "2.6.3", "versionStartIncluding": "2.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@pivotal.io"}