Filtered by vendor Cloudfoundry
Subscribe
Total
102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22115 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2021-04-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller. | |||||
| CVE-2020-5423 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2020-12-04 | 7.8 HIGH | 7.5 HIGH |
| CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM. | |||||
| CVE-2019-3780 | 1 Cloudfoundry | 1 Container Runtime | 2020-10-19 | 6.5 MEDIUM | 8.8 HIGH |
| Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account. | |||||
| CVE-2019-3781 | 1 Cloudfoundry | 1 Command Line Interface | 2020-10-19 | 3.5 LOW | 8.8 HIGH |
| Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password. | |||||
| CVE-2019-3783 | 1 Cloudfoundry | 1 Stratos | 2020-10-19 | 4.0 MEDIUM | 8.8 HIGH |
| Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user. | |||||
| CVE-2019-3782 | 1 Cloudfoundry | 1 Credhub Cli | 2020-10-19 | 2.1 LOW | 7.8 HIGH |
| Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user. | |||||
| CVE-2019-3789 | 1 Cloudfoundry | 1 Routing Release | 2020-10-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route. | |||||
| CVE-2019-3786 | 1 Cloudfoundry | 1 Bosh Backup And Restore | 2020-10-16 | 4.0 MEDIUM | 7.1 HIGH |
| Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable. | |||||
| CVE-2019-11290 | 1 Cloudfoundry | 2 Cf-deployment, User Account And Authentication | 2020-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well. | |||||
| CVE-2019-11278 | 1 Cloudfoundry | 1 User Account And Authentication | 2020-10-04 | 6.5 MEDIUM | 8.8 HIGH |
| CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have. | |||||
| CVE-2019-11279 | 1 Cloudfoundry | 1 Uaa Release | 2020-10-04 | 6.5 MEDIUM | 8.8 HIGH |
| CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls. | |||||
| CVE-2020-5418 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2020-09-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none). | |||||
| CVE-2020-5420 | 1 Cloudfoundry | 2 Cf-deployment, Gorouter | 2020-09-11 | 6.8 MEDIUM | 7.7 HIGH |
| Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters. | |||||
| CVE-2018-1269 | 1 Cloudfoundry | 1 Loggregator | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service. | |||||
| CVE-2018-1268 | 1 Cloudfoundry | 1 Loggregator | 2020-05-04 | 4.9 MEDIUM | 6.8 MEDIUM |
| Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app. | |||||
| CVE-2020-5401 | 1 Cloudfoundry | 1 Routing Release | 2020-03-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app. | |||||
| CVE-2020-5402 | 1 Cloudfoundry | 2 Cf-deployment, User Account And Authentication | 2020-03-03 | 6.8 MEDIUM | 8.8 HIGH |
| In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers. | |||||
| CVE-2020-5399 | 2 Cloudfoundry, Pivotal Software | 2 Credhub, Cloud Foundry Cf-deployment | 2020-02-27 | 5.8 MEDIUM | 7.4 HIGH |
| Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components. | |||||
| CVE-2019-11289 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2020-01-03 | 7.8 HIGH | 8.6 HIGH |
| Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash. | |||||
| CVE-2019-11293 | 1 Cloudfoundry | 2 Cf-deployment, User Account And Authentication | 2019-12-12 | 3.5 LOW | 6.5 MEDIUM |
| Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters. | |||||