Filtered by vendor Pivotal
Subscriptions
Filtered by product Cloud Foundry Routing Release
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-34061 | 1 Pivotal | 2 Cloud Foundry Deployment, Cloud Foundry Routing Release | 2024-11-21 | 7.5 High |
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment. | ||||
CVE-2019-3800 | 27 Anynines, Apigee, Appdynamics and 24 more | 55 Elasticsearch, Logme, Mongodb and 52 more | 2024-11-21 | N/A |
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. |
Page 1 of 1.