Filtered by vendor Pivotal Subscriptions
Filtered by product Cloud Foundry Routing Release Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-34061 1 Pivotal 2 Cloud Foundry Deployment, Cloud Foundry Routing Release 2024-11-21 7.5 High
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.
CVE-2019-3800 27 Anynines, Apigee, Appdynamics and 24 more 55 Elasticsearch, Logme, Mongodb and 52 more 2024-11-21 N/A
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.