Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudfoundry cf-deployment vulnerabilities and exploits
(subscribe to this query)
7.7
CVSSv3
CVE-2020-5420
Cloud Foundry Routing (Gorouter) versions before 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.
Cloudfoundry Cf-deployment
Cloudfoundry Gorouter
6.5
CVSSv3
CVE-2020-5416
Cloud Foundry Routing (Gorouter), versions before 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP request...
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
8.8
CVSSv3
CVE-2020-5417
Cloud Foundry CAPI (Cloud Controller), versions before 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive route...
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release
5.9
CVSSv3
CVE-2020-15586
Go prior to 1.13.13 and 1.14.x prior to 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
Golang Go
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
Fedoraproject Fedora 31
Fedoraproject Fedora 32
6.5
CVSSv3
CVE-2020-5400
Cloud Foundry Cloud Controller (CAPI), versions before 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to reso...
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release
8.8
CVSSv3
CVE-2020-5402
In Cloud Foundry UAA, versions before 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.
Cloudfoundry Cf-deployment
Cloudfoundry User Account And Authentication
7.4
CVSSv3
CVE-2020-5399
Cloud Foundry CredHub, versions before 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access t...
Cloudfoundry Credhub
Pivotal Software Cloud Foundry Cf-deployment
4.3
CVSSv3
CVE-2019-11294
Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release 1.88.0
6.5
CVSSv3
CVE-2019-11293
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided vi...
Cloudfoundry Cf-deployment
Cloudfoundry User Account And Authentication
7.5
CVSSv3
CVE-2019-11290
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
Cloudfoundry Cf-deployment
Cloudfoundry User Account And Authentication
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »