Filtered by vendor Cloudfoundry
Subscribe
Total
106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3783 | 1 Cloudfoundry | 1 Stratos | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user. | |||||
| CVE-2019-3784 | 1 Cloudfoundry | 1 Stratos | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id. | |||||
| CVE-2019-3786 | 1 Cloudfoundry | 1 Bosh Backup And Restore | 2023-12-10 | 4.0 MEDIUM | 7.1 HIGH |
| Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable. | |||||
| CVE-2016-0708 | 1 Cloudfoundry | 2 Cf-release, Java Buildpack | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack versions for some basic web application archive (WAR) packaged applications are vulnerable to this issue. | |||||
| CVE-2019-3782 | 1 Cloudfoundry | 1 Credhub Cli | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
| Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify credentials stored in CredHub that are authorized to the targeted user. | |||||
| CVE-2018-11084 | 1 Cloudfoundry | 1 Garden-runc | 2023-12-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps. | |||||
| CVE-2018-1193 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections. | |||||
| CVE-2016-2169 | 1 Cloudfoundry | 3 Capi-release, Cf-release, Cloud Controller | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service. | |||||
| CVE-2018-1267 | 1 Cloudfoundry | 1 Silk-release | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
| Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any applications can reach any other application on the network regardless of the configured routing policies. | |||||
| CVE-2018-1277 | 1 Cloudfoundry | 2 Cf-deployment, Garden-runc | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell. | |||||
| CVE-2018-1265 | 2 Cloudfoundry, Pivotal Software | 2 Cf-deployment, Cloud Foundry Diego | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell. | |||||
| CVE-2018-1266 | 1 Cloudfoundry | 1 Capi-release | 2023-12-10 | 6.5 MEDIUM | 8.1 HIGH |
| Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance. | |||||
| CVE-2016-6658 | 2 Cloudfoundry, Pivotal Software | 2 Cf-release, Cloud Foundry Elastic Runtime | 2023-12-10 | 4.0 MEDIUM | 9.6 CRITICAL |
| Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials. | |||||
| CVE-2018-1269 | 1 Cloudfoundry | 1 Loggregator | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated user may construct malicious requests to cause the traffic controller to leave dangling TCP connections, which could cause denial of service. | |||||
| CVE-2018-1191 | 1 Cloudfoundry | 2 Cf-deployment, Garden-runc-release | 2023-12-10 | 3.5 LOW | 8.8 HIGH |
| Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials. | |||||
| CVE-2018-1221 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
| In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service. | |||||
| CVE-2018-1195 | 1 Cloudfoundry | 3 Capi-release, Cf-deployment, Cf-release | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication. | |||||
| CVE-2018-1268 | 1 Cloudfoundry | 1 Loggregator | 2023-12-10 | 4.9 MEDIUM | 6.8 MEDIUM |
| Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app. | |||||
| CVE-2015-5350 | 1 Cloudfoundry | 1 Garden | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet. | |||||
| CVE-2018-1262 | 2 Cloudfoundry, Pivotal Software | 3 Cf-deployment, Cloud Foundry Uaa, Cloud Foundry Uaa-release | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation. | |||||