Security Advisory

CVE-2019-11293

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-12-06 20:00:17

Last updated 2024-09-16 17:57:54

Assigner pivotal

State PUBLISHED

Description

Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.

← Browse all CVEs View on cve.org ↗