Filtered by vendor Cloudfoundry
Subscribe
Total
102 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3779 | 1 Cloudfoundry | 1 Container Runtime | 2019-10-09 | 4.0 MEDIUM | 8.8 HIGH |
Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate leveraging the Kubernetes CSR capability to obtain a credential that could escalate privilege access to ETCD. | |||||
CVE-2019-3798 | 1 Cloudfoundry | 1 Capi-release | 2019-10-09 | 6.0 MEDIUM | 7.5 HIGH |
Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim. | |||||
CVE-2019-3788 | 1 Cloudfoundry | 1 Uaa Release | 2019-10-09 | 5.8 MEDIUM | 6.1 MEDIUM |
Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim. | |||||
CVE-2019-3775 | 1 Cloudfoundry | 1 Uaa Release | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user. | |||||
CVE-2019-3784 | 1 Cloudfoundry | 1 Stratos | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id. | |||||
CVE-2019-11274 | 1 Cloudfoundry | 1 User Account And Authentication | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute. | |||||
CVE-2019-11277 | 1 Cloudfoundry | 2 Cf-deployment, Nfs Volume Release | 2019-10-09 | 5.5 MEDIUM | 8.1 HIGH |
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack. | |||||
CVE-2018-1191 | 1 Cloudfoundry | 2 Cf-deployment, Garden-runc-release | 2019-10-09 | 3.5 LOW | 8.8 HIGH |
Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials. | |||||
CVE-2018-11084 | 1 Cloudfoundry | 1 Garden-runc | 2019-10-09 | 5.5 MEDIUM | 6.5 MEDIUM |
Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps. | |||||
CVE-2017-4970 | 1 Cloudfoundry | 2 Cf-release, Staticfile Buildpack | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth configuration to be ignored when the Static file file is not present in the application root. Applications containing a Staticfile.auth file but not a Static file had their basic auth turned off when an operator upgraded the Static file build pack in the foundation to one of the vulnerable versions. Note that Static file applications without a Static file are technically misconfigured, and will not successfully detect unless the Static file build pack is explicitly specified. | |||||
CVE-2018-1193 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections. | |||||
CVE-2017-8034 | 1 Cloudfoundry | 3 Capi-release, Cf-release, Routing-release | 2019-10-02 | 6.0 MEDIUM | 6.6 MEDIUM |
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges. | |||||
CVE-2017-4969 | 1 Cloudfoundry | 1 Cf-release | 2019-10-02 | 6.8 MEDIUM | 6.5 MEDIUM |
The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks. | |||||
CVE-2017-8037 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2019-03-22 | 5.0 MEDIUM | 7.5 HIGH |
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure. | |||||
CVE-2016-0708 | 1 Cloudfoundry | 2 Cf-release, Java Buildpack | 2018-09-11 | 4.3 MEDIUM | 5.9 MEDIUM |
Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack versions for some basic web application archive (WAR) packaged applications are vulnerable to this issue. | |||||
CVE-2018-1277 | 1 Cloudfoundry | 2 Cf-deployment, Garden-runc | 2018-06-13 | 4.0 MEDIUM | 6.5 MEDIUM |
Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell. | |||||
CVE-2016-2169 | 1 Cloudfoundry | 3 Capi-release, Cf-release, Cloud Controller | 2018-05-24 | 5.0 MEDIUM | 5.3 MEDIUM |
Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service. | |||||
CVE-2016-6658 | 2 Cloudfoundry, Pivotal Software | 2 Cf-release, Cloud Foundry Elastic Runtime | 2018-04-24 | 4.0 MEDIUM | 9.6 CRITICAL |
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials. | |||||
CVE-2015-5350 | 1 Cloudfoundry | 1 Garden | 2018-04-18 | 5.0 MEDIUM | 7.5 HIGH |
In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet. | |||||
CVE-2016-6655 | 1 Cloudfoundry | 2 Cf-mysql-release, Cf-release | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry. |