CVE-2019-11277

Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack.

Published: Sep 23, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-11277
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:N/A:P

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
cloudfoundry / nfs_volume_release	2.0.0	2.3.0
cloudfoundry / nfs_volume_release	1.7.0	1.7.11
cloudfoundry / cf-deployment	-	11.1.0

https://www.cloudfoundry.org/blog/cve-2019-11277

Vulnerability Database

289,697

CVE-2019-11277