VYPR
Unrated severityNVD Advisory· Published Sep 23, 2019· Updated Sep 16, 2024

Volume Services is vulnerable to an LDAP injection attack

CVE-2019-11277

Description

Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Range: >=1.7.0, <1.7.11; >=2.0.0, <2.3.0
  • Cloud Foundry/CF Deploymentv5
    Range: All
  • Cloud Foundry/CF NFS volume releasev5
    Range: 1.7

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.