Vulnerability-Lookup

CVE-2019-11289 (GCVE-0-2019-11289)

Vulnerability from cvelistv5 – Published: 2019-11-19 18:41 – Updated: 2024-09-16 22:14

Title

A forged route service request using an invalid nonce can cause the gorouter to panic and crash

Summary

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.

Severity ?

8.6 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

pivotal

References

URL

	Vendor	Product	Version
	Cloud Foundry	Routing	Affected: All , < 0.193.0 (custom)

FKIE_CVE-2019-11289

Vulnerability from fkie_nvd - Published: 2019-11-19 19:15 - Updated: 2024-11-21 04:20

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

References

	URL	Tags
	security@pivotal.io	https://www.cloudfoundry.org/blog/cve-2019-11289	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.cloudfoundry.org/blog/cve-2019-11289	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cloudfoundry	cf-deployment	*
	cloudfoundry	routing-release	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52952F0-39D5-43CC-AAE5-C38506275F02",
              "versionEndExcluding": "12.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cloudfoundry:routing-release:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E396ACE0-EE13-4A56-9E6C-EC50AD2A9EB0",
              "versionEndExcluding": "0.193.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash."
    },
    {
      "lang": "es",
      "value": "Cloud Foundry Routing, todas las versiones anteriores a la versi\u00f3n 0.193.0, no valida correctamente la entrada nonce. Un usuario malintencionado remoto no autenticado podr\u00eda falsificar una solicitud de servicio de ruta HTTP utilizando un nonce no v\u00e1lido que provocar\u00e1 el bloqueo del Gorouter."
    }
  ],
  "id": "CVE-2019-11289",
  "lastModified": "2024-11-21T04:20:51.550",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "security@pivotal.io",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-19T19:15:23.673",
  "references": [
    {
      "source": "security@pivotal.io",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/blog/cve-2019-11289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.cloudfoundry.org/blog/cve-2019-11289"
    }
  ],
  "sourceIdentifier": "security@pivotal.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security@pivotal.io",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-5796-P3M6-9QJ4

Vulnerability from github – Published: 2021-05-18 15:31 – Updated: 2024-05-20 19:56

Summary

Cloud Foundry Routing Improper Input Validation vulnerability

Details

Cloud Foundry Routing, all versions before 0.0.0-20191101214924-b1b5c44e050f, does not properly validate nonce input. A remote unauthorized malicious user could forge a route service request using an invalid nonce that will cause the Gorouter to crash.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "code.cloudfoundry.org/gorouter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20191101214924-b1b5c44e050f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-11289"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-17T21:24:54Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Cloud Foundry Routing, all versions before 0.0.0-20191101214924-b1b5c44e050f, does not properly validate nonce input. A remote unauthorized malicious user could forge a route service request using an invalid nonce that will cause the Gorouter to crash.",
  "id": "GHSA-5796-p3m6-9qj4",
  "modified": "2024-05-20T19:56:16Z",
  "published": "2021-05-18T15:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11289"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/gorouter/commit/b1b5c44e050f73b399b379ca63a42a2c5780a83f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cloudfoundry/gorouter"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2021-0102"
    },
    {
      "type": "WEB",
      "url": "https://www.cloudfoundry.org/blog/cve-2019-11289"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cloud Foundry Routing Improper Input Validation vulnerability"
}

CNVD-2019-44138

Vulnerability from cnvd - Published: 2019-12-06

Title

Cloud Foundry Routing输入验证错误漏洞

Description

Cloud Foundry是美国Cloud Foundry基金会的一套开源的平台即服务（PaaS）云计算平台。该产品提供容器调度、持续交付和自动化服务部署等功能。Routing是其中的一个路由组件。 Cloud Foundry Routing 0.193.0之前版本中存在输入验证错误漏洞，攻击者可使用无效的随机数伪造路由服务请求利用该漏洞导致Gorouter崩溃。

Severity

高

Patch Name

Cloud Foundry Routing输入验证错误漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.cloudfoundry.org/blog/cve-2019-11289

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-11289

Impacted products

Name
Cloud Foundry Cloud Foundry Routing <0.193.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-11289"
    }
  },
  "description": "Cloud Foundry\u662f\u7f8e\u56fdCloud Foundry\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\u3002\u8be5\u4ea7\u54c1\u63d0\u4f9b\u5bb9\u5668\u8c03\u5ea6\u3001\u6301\u7eed\u4ea4\u4ed8\u548c\u81ea\u52a8\u5316\u670d\u52a1\u90e8\u7f72\u7b49\u529f\u80fd\u3002Routing\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u8def\u7531\u7ec4\u4ef6\u3002\n\nCloud Foundry Routing 0.193.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4f7f\u7528\u65e0\u6548\u7684\u968f\u673a\u6570\u4f2a\u9020\u8def\u7531\u670d\u52a1\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4Gorouter\u5d29\u6e83\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.cloudfoundry.org/blog/cve-2019-11289",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-44138",
  "openTime": "2019-12-06",
  "patchDescription": "Cloud Foundry\u662f\u7f8e\u56fdCloud Foundry\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5e73\u53f0\u5373\u670d\u52a1\uff08PaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\u3002\u8be5\u4ea7\u54c1\u63d0\u4f9b\u5bb9\u5668\u8c03\u5ea6\u3001\u6301\u7eed\u4ea4\u4ed8\u548c\u81ea\u52a8\u5316\u670d\u52a1\u90e8\u7f72\u7b49\u529f\u80fd\u3002Routing\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u8def\u7531\u7ec4\u4ef6\u3002\r\n\r\nCloud Foundry Routing 0.193.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4f7f\u7528\u65e0\u6548\u7684\u968f\u673a\u6570\u4f2a\u9020\u8def\u7531\u670d\u52a1\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4Gorouter\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cloud Foundry Routing\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cloud Foundry Cloud Foundry Routing \u003c0.193.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-11289",
  "serverity": "\u9ad8",
  "submitTime": "2019-11-21",
  "title": "Cloud Foundry Routing\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

GSD-2019-11289

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Aliases

CVE-2019-11289

Aliases

CVE-2019-11289

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-11289",
    "description": "Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.",
    "id": "GSD-2019-11289"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-11289"
      ],
      "details": "Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.",
      "id": "GSD-2019-11289",
      "modified": "2023-12-13T01:24:02.083841Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@pivotal.io",
        "DATE_PUBLIC": "2019-11-18T00:00:00.000Z",
        "ID": "CVE-2019-11289",
        "STATE": "PUBLIC",
        "TITLE": "A forged route service request using an invalid nonce can cause the gorouter to panic and crash"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Routing",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_name": "All",
                          "version_value": "0.193.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cloud Foundry"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20: Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.cloudfoundry.org/blog/cve-2019-11289",
            "refsource": "CONFIRM",
            "url": "https://www.cloudfoundry.org/blog/cve-2019-11289"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c0.0.0-20191101214924-b1b5c44e050f",
          "affected_versions": "All versions before 0.0.0-20191101214924-b1b5c44e050f",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2023-02-14",
          "description": "Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.",
          "fixed_versions": [
            "0.0.0-20191101214924-b1b5c44e050f"
          ],
          "identifier": "CVE-2019-11289",
          "identifiers": [
            "GHSA-5796-p3m6-9qj4",
            "CVE-2019-11289"
          ],
          "not_impacted": "All versions starting from 0.0.0-20191101214924-b1b5c44e050f",
          "package_slug": "go/code.cloudfoundry.org/gorouter",
          "pubdate": "2021-05-18",
          "solution": "Upgrade to version 0.0.0-20191101214924-b1b5c44e050f or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-11289",
            "https://www.cloudfoundry.org/blog/cve-2019-11289",
            "https://github.com/cloudfoundry/gorouter/commit/b1b5c44e050f73b399b379ca63a42a2c5780a83f",
            "https://pkg.go.dev/vuln/GO-2021-0102",
            "https://github.com/advisories/GHSA-5796-p3m6-9qj4"
          ],
          "uuid": "dace7619-50b1-4e4e-a002-4bdb03eb05f8"
        },
        {
          "affected_range": "\u003c0.193.0",
          "affected_versions": "All versions before 0.193.0",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2021-05-18",
          "description": "Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.",
          "fixed_versions": [
            "0.193.0"
          ],
          "identifier": "CVE-2019-11289",
          "identifiers": [
            "GHSA-5796-p3m6-9qj4",
            "CVE-2019-11289"
          ],
          "not_impacted": "All versions starting from 0.193.0",
          "package_slug": "go/code.cloudfoundry.org/gorouter/common/secure",
          "pubdate": "2021-05-18",
          "solution": "Upgrade to version 0.193.0 or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-11289",
            "https://www.cloudfoundry.org/blog/cve-2019-11289",
            "https://github.com/advisories/GHSA-5796-p3m6-9qj4"
          ],
          "uuid": "967bd4ce-0043-44e3-ba26-f995385dd230"
        },
        {
          "affected_range": "\u003cv0.0.0-20191101214924-b1b5c44e050f",
          "affected_versions": "All versions before 0.0.0-20191101214924-b1b5c44e050f",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2023-02-14",
          "description": "Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.",
          "fixed_versions": [
            "v0.0.0-20191101214924-b1b5c44e050f"
          ],
          "identifier": "CVE-2019-11289",
          "identifiers": [
            "GHSA-5796-p3m6-9qj4",
            "CVE-2019-11289"
          ],
          "not_impacted": "All versions starting from 0.0.0-20191101214924-b1b5c44e050f",
          "package_slug": "go/github.com/cloudfoundry/gorouter",
          "pubdate": "2021-05-18",
          "solution": "Upgrade to version 0.0.0-20191101214924-b1b5c44e050f or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-11289",
            "https://www.cloudfoundry.org/blog/cve-2019-11289",
            "https://github.com/cloudfoundry/gorouter/commit/b1b5c44e050f73b399b379ca63a42a2c5780a83f",
            "https://pkg.go.dev/vuln/GO-2021-0102",
            "https://github.com/advisories/GHSA-5796-p3m6-9qj4"
          ],
          "uuid": "6dbd7120-7582-4b0c-bfca-921ed3f3ddb4",
          "versions": []
        },
        {
          "affected_range": "\u003cv0.0.0-20191101214924-b1b5c44e050f",
          "affected_versions": "All versions before 0.0.0-20191101214924-b1b5c44e050f",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2023-02-07",
          "description": "Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.",
          "fixed_versions": [
            "v0.0.0-20191101214924-b1b5c44e050f"
          ],
          "identifier": "CVE-2019-11289",
          "identifiers": [
            "GHSA-5796-p3m6-9qj4",
            "CVE-2019-11289"
          ],
          "not_impacted": "All versions starting from 0.0.0-20191101214924-b1b5c44e050f",
          "package_slug": "go/github.com/cloudfoundry/gorouter/common/secure",
          "pubdate": "2021-05-18",
          "solution": "Upgrade to version 0.0.0-20191101214924-b1b5c44e050f or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-11289",
            "https://www.cloudfoundry.org/blog/cve-2019-11289",
            "https://github.com/cloudfoundry/gorouter/commit/b1b5c44e050f73b399b379ca63a42a2c5780a83f",
            "https://pkg.go.dev/vuln/GO-2021-0102",
            "https://github.com/advisories/GHSA-5796-p3m6-9qj4"
          ],
          "uuid": "14398c9e-e65b-4a7a-b1da-d80fd255d514",
          "versions": []
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cloudfoundry:routing-release:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.193.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@pivotal.io",
          "ID": "CVE-2019-11289"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cloudfoundry.org/blog/cve-2019-11289",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.cloudfoundry.org/blog/cve-2019-11289"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2020-01-03T14:15Z",
      "publishedDate": "2019-11-19T19:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-11289 (GCVE-0-2019-11289)

FKIE_CVE-2019-11289

GHSA-5796-P3M6-9QJ4

CNVD-2019-44138

GSD-2019-11289

Tags

Sightings

Nomenclature