Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudfoundry cf-deployment vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2022-31733
Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are t...
Cloudfoundry Diego
Cloudfoundry Cf-deployment
7.7
CVSSv3
CVE-2020-5420
Cloud Foundry Routing (Gorouter) versions before 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.
Cloudfoundry Cf-deployment
Cloudfoundry Gorouter
6.5
CVSSv3
CVE-2018-1277
Cloud Foundry Garden-runC, versions before 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially cau...
Cloudfoundry Garden-runc
Cloudfoundry Cf-deployment
8.6
CVSSv3
CVE-2019-11289
Cloud Foundry Routing, all versions prior to 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
6.5
CVSSv3
CVE-2020-5416
Cloud Foundry Routing (Gorouter), versions before 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP request...
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
7.5
CVSSv3
CVE-2020-5423
CAPI (Cloud Controller) versions before 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
5.3
CVSSv3
CVE-2018-1193
Cloud Foundry routing-release, versions before 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
Cloudfoundry Routing-release
Cloudfoundry Cf-deployment
5.9
CVSSv3
CVE-2023-20882
In Cloud foundry routing release versions from 0.262.0 and before 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the curre...
Cloudfoundry Routing Release
Cloudfoundry Cf-deployment
5.3
CVSSv3
CVE-2023-34041
Cloud foundry routing release versions before 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.
Cloudfoundry Routing-release
Cloudfoundry Cf-deployment
7.5
CVSSv3
CVE-2021-22101
Cloud Controller versions before 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated malicious users to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous ...
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »