Vulmon
cf-release vulnerabilities and exploits
6.1
CVSSv3
CVE-2017-8047
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishi...
Pivotal Routing-release
Cloudfoundry Cf-release
5.3
CVSSv3
CVE-2016-2169
Cloud Foundry Cloud Controller, capi-release versions before 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for t...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
9.8
CVSSv3
CVE-2016-6655
An issue exists in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability exists in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to...
Cloudfoundry Cf-mysql-release
Cloudfoundry Cf-release
6.1
CVSSv3
CVE-2018-1190
An issue exists in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter o...
Pivotal Uaa Bosh
Pivotal Uaa
Cloudfoundry Cf-release
6.6
CVSSv3
CVE-2017-8034
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations,...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
Cloudfoundry Routing-release
6.5
CVSSv3
CVE-2015-1834
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions before 1.4.2. Path traversal is the 'outbreak' of a given directory structure ...
Pivotal Software Cloud Foundry Elastic Runtime
Cloudfoundry Cf-release
6.5
CVSSv3
CVE-2017-14389
An issue exists in Cloud Foundry Foundation capi-release (all versions before 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing...
Cloudfoundry Cf-release
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release
9.6
CVSSv3
CVE-2016-6658
Applications in cf-release prior to 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the C...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
8.8
CVSSv3
CVE-2018-1195
In Cloud Controller versions before 1.46.0, cf-deployment versions before 1.3.0, and cf-release versions before 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwis...
Cloudfoundry Cf-release
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release
5.3
CVSSv3
CVE-2017-8031
An issue exists in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions before 30.6, 45.x versions before 45.4, 52.x versions before 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for o...
Cloudfoundry Cf-release
Cloudfoundry Uaa-release
Cloudfoundry Uaa-release 52