Filtered by vendor Cloudfoundry
Total 108 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-5350 1 Cloudfoundry 1 Garden 2024-09-16 N/A
In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet.
CVE-2020-5401 1 Cloudfoundry 1 Routing Release 2024-09-16 5.3 Medium
Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.
CVE-2020-5417 1 Cloudfoundry 2 Capi-release, Cf-deployment 2024-09-16 8.8 High
Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components.
CVE-2018-1262 2 Cloudfoundry, Pivotal Software 3 Cf-deployment, Cloud Foundry Uaa, Cloud Foundry Uaa-release 2024-09-16 N/A
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.
CVE-2020-5402 1 Cloudfoundry 2 Cf-deployment, User Account And Authentication 2024-09-16 8.8 High
In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.
CVE-2020-5416 1 Cloudfoundry 2 Cf-deployment, Routing-release 2024-09-16 6.5 Medium
Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool.
CVE-2018-11084 1 Cloudfoundry 1 Garden-runc 2024-09-16 N/A
Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps.
CVE-2015-5172 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2024-08-06 9.8 Critical
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
CVE-2015-5173 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2024-08-06 8.8 High
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage."
CVE-2015-5171 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2024-08-06 9.8 Critical
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allows attackers to have unspecified impact by leveraging failure to expire existing sessions.
CVE-2015-5170 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2024-08-06 8.8 High
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.
CVE-2015-3189 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2024-08-06 3.7 Low
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
CVE-2015-3190 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2024-08-06 6.1 Medium
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, the UAA logout link is susceptible to an open redirect which allows an attacker to insert a malicious web page as a redirect parameter.
CVE-2015-3191 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2024-08-06 8.8 High
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a Cloud Foundry instance via a malicious link on an attacker-controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
CVE-2015-1834 2 Cloudfoundry, Pivotal Software 2 Cf-release, Cloud Foundry Elastic Runtime 2024-08-06 6.5 Medium
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container.
CVE-2016-9882 1 Cloudfoundry 2 Capi-release, Cf-release 2024-08-06 7.5 High
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog.
CVE-2016-8219 1 Cloudfoundry 2 Capi-release, Cf-release 2024-08-06 6.5 Medium
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails.
CVE-2016-8218 1 Cloudfoundry 2 Cf-release, Routing-release 2024-08-06 N/A
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.
CVE-2016-6655 1 Cloudfoundry 2 Cf-mysql-release, Cf-release 2024-08-06 N/A
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.
CVE-2016-6658 2 Cloudfoundry, Pivotal Software 2 Cf-release, Cloud Foundry Elastic Runtime 2024-08-06 N/A
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.