exploitDog

CVE-2019-11280

Published: 20 Sep 2019
Source: nvd
CVSS3: 8.8
CVSS2: 6.5
EPSS Low

Description

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:pivotal_software:pivotal_application_service:*:*:*:*:*:*:*:*
Version from 2.3.0 (inclusive) to 2.3.18 (exclusive)
cpe:2.3:a:pivotal_software:pivotal_application_service:*:*:*:*:*:*:*:*
Version from 2.4.0 (inclusive) to 2.4.14 (exclusive)
cpe:2.3:a:pivotal_software:pivotal_application_service:*:*:*:*:*:*:*:*
Version from 2.5.0 (inclusive) to 2.5.10 (exclusive)
cpe:2.3:a:pivotal_software:pivotal_application_service:*:*:*:*:*:*:*:*
Version from 2.6.0 (inclusive) to 2.6.5 (exclusive)

EPSS

Percentile: 68%
0.00557
Low

8.8 High

CVSS3

6.5 Medium

CVSS2

Weaknesses

CWE-269

Related vulnerabilities

CVSS3: 8.8
github
more than 3 years ago

Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to.
