Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cf-release vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2016-0708
Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automati...
Cloudfoundry Java Buildpack
Cloudfoundry Cf-release
5.3
CVSSv3
CVE-2016-2169
Cloud Foundry Cloud Controller, capi-release versions before 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for t...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
9.6
CVSSv3
CVE-2016-6658
Applications in cf-release prior to 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the C...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
8.8
CVSSv3
CVE-2018-1195
In Cloud Controller versions before 1.46.0, cf-deployment versions before 1.3.0, and cf-release versions before 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwis...
Cloudfoundry Cf-release
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release
8.8
CVSSv3
CVE-2018-1192
In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions before 4.5.5, 4.8.x versions before 4.8.3, and 4.7.x versions before 4.7.4; and UAA-release 45.7.x versions before 45.7, 52.7.x versions before 52.7, and 53.3.x...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloud Foundry Uaa-release 53.3
Pivotal Software Cloud Foundry Uaa-release 52.7
Pivotal Software Cloud Foundry Uaa-release 45.7
Pivotal Software Cloud Foundry Cf-release
Pivotal Software Cloud Foundry Cf-deployment
6.1
CVSSv3
CVE-2018-1190
An issue exists in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter o...
Pivotal Uaa Bosh
Pivotal Uaa
Cloudfoundry Cf-release
6.5
CVSSv3
CVE-2017-14389
An issue exists in Cloud Foundry Foundation capi-release (all versions before 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing...
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
Cloudfoundry Cf-release
5.3
CVSSv3
CVE-2017-8031
An issue exists in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions before 30.6, 45.x versions before 45.4, 52.x versions before 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for o...
Cloudfoundry Cf-release
Cloudfoundry Uaa-release
Cloudfoundry Uaa-release 52
9.8
CVSSv3
CVE-2015-5171
The password change functionality in Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact by leveraging failure to expire existing sessions.
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
8.8
CVSSv3
CVE-2015-5173
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage.&qu...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »