Filtered by vendor Cloudfoundry Subscriptions
Total 108 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-5418 1 Cloudfoundry 2 Capi-release, Cf-deployment 2024-09-17 4.3 Medium
Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none).
CVE-2019-11278 1 Cloudfoundry 1 User Account And Authentication 2024-09-16 8.8 High
CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have.
CVE-2019-3782 1 Cloudfoundry 1 Credhub Cli 2024-09-16 7.8 High
Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user.
CVE-2019-11282 2 Cloudfoundry, Pivotal Software 2 Cf-deployment, Cloud Foundry Uaa 2024-09-16 4.3 Medium
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA.
CVE-2018-1266 1 Cloudfoundry 1 Capi-release 2024-09-16 8.1 High
Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance.
CVE-2019-3783 1 Cloudfoundry 1 Stratos 2024-09-16 8.8 High
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user.
CVE-2019-3780 1 Cloudfoundry 1 Container Runtime 2024-09-16 8.8 High
Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAAS account.
CVE-2019-3775 1 Cloudfoundry 1 Uaa Release 2024-09-16 N/A
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
CVE-2019-11289 1 Cloudfoundry 2 Cf-deployment, Routing-release 2024-09-16 8.6 High
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
CVE-2019-3788 1 Cloudfoundry 1 Uaa Release 2024-09-16 N/A
Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.
CVE-2019-11290 1 Cloudfoundry 2 Cf-deployment, User Account And Authentication 2024-09-16 7.5 High
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
CVE-2019-3781 1 Cloudfoundry 1 Command Line Interface 2024-09-16 8.8 High
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.
CVE-2018-1195 1 Cloudfoundry 3 Capi-release, Cf-deployment, Cf-release 2024-09-16 8.8 High
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.
CVE-2019-11277 1 Cloudfoundry 2 Cf-deployment, Nfs Volume Release 2024-09-16 8.1 High
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack.
CVE-2019-11274 1 Cloudfoundry 1 User Account And Authentication 2024-09-16 6.1 Medium
Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.
CVE-2020-5399 2 Cloudfoundry, Pivotal Software 2 Credhub, Cloud Foundry Cf-deployment 2024-09-16 7.4 High
Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components.
CVE-2019-3784 1 Cloudfoundry 1 Stratos 2024-09-16 N/A
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.
CVE-2019-3779 1 Cloudfoundry 1 Container Runtime 2024-09-16 N/A
Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate leveraging the Kubernetes CSR capability to obtain a credential that could escalate privilege access to ETCD.
CVE-2016-2169 1 Cloudfoundry 3 Capi-release, Cf-release, Cloud Controller 2024-09-16 N/A
Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service.
CVE-2019-11293 1 Cloudfoundry 2 Cf-deployment, User Account And Authentication 2024-09-16 6.5 Medium
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.