Vulnerabilities > CVE-2019-11294 - Incorrect Authorization vulnerability in Cloudfoundry Cf-Deployment

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
cloudfoundry
CWE-863
NVD
Published: 2019-12-19
Updated: 2021-08-17

Summary

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.

Vulnerable Configurations

Part Description Count
Application
Cloudfoundry
159

Common Weakness Enumeration (CWE)

References