CVE-2019-11277

Summary

Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack.

Affected Software

VendorProductVersion RangeStatus
Cloud FoundryCF NFS volume release1.7 < v1.7.11affected
Cloud FoundryCF NFS volume release2.3 < v2.3.0affected
Cloud FoundryCF DeploymentAll < v11.1.0affected

Weaknesses

  • CWE-90: CWE-90: LDAP Injection

ADP Enrichment

CVE Program Container

Additional References

References