Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudfoundry capi-release vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-5417
Cloud Foundry CAPI (Cloud Controller), versions before 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive route...
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release
8.8
CVSSv3
CVE-2018-1195
In Cloud Controller versions before 1.46.0, cf-deployment versions before 1.3.0, and cf-release versions before 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwis...
Cloudfoundry Cf-release
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release
8.1
CVSSv3
CVE-2023-20881
Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This...
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release
Cloudfoundry Loggregator-agent
8.1
CVSSv3
CVE-2019-3785
Cloud Foundry Cloud Controller, versions before 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the ...
Cloudfoundry Capi-release
8.1
CVSSv3
CVE-2018-1266
Cloud Foundry Cloud Controller, versions before 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the abi...
Cloudfoundry Capi-release
7.8
CVSSv3
CVE-2017-8048
In Cloud Foundry capi-release versions 1.33.0 and later, before 1.42.0 and cf-release versions 268 and later, before 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing ...
Pivotal Capi-release 1.34.0
Pivotal Capi-release 1.33.0
Cloudfoundry Cf-release 269
Cloudfoundry Cf-release 268
Pivotal Capi-release 1.41.0
Pivotal Capi-release 1.40.0
Pivotal Capi-release 1.39.0
Cloudfoundry Cf-release 272
Cloudfoundry Cf-release 270
Pivotal Capi-release 1.37.0
Pivotal Capi-release 1.35.0
Cloudfoundry Cf-release 273
Cloudfoundry Cf-release 271
Pivotal Capi-release 1.38.0
Pivotal Capi-release 1.36.0
7.8
CVSSv3
CVE-2017-8033
An issue exists in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushin...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
7.8
CVSSv3
CVE-2017-8036
An issue exists in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller V...
Cloudfoundry Capi-release 1.33.0
7.5
CVSSv3
CVE-2021-22101
Cloud Controller versions before 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated malicious users to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous ...
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
7.5
CVSSv3
CVE-2020-5423
CAPI (Cloud Controller) versions before 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »