Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cf-release vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2015-5170
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow remote malicious users to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack o...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
8.8
CVSSv3
CVE-2015-5173
Cloud Foundry Runtime cf-release prior to 216, UAA prior to 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime prior to 1.7.0 allow malicious users to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Domain Referer Leakage.&qu...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
6.1
CVSSv3
CVE-2017-8047
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishi...
Cloudfoundry Cf-release
Pivotal Routing-release
7.8
CVSSv3
CVE-2017-8048
In Cloud Foundry capi-release versions 1.33.0 and later, before 1.42.0 and cf-release versions 268 and later, before 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing ...
Pivotal Capi-release 1.34.0
Pivotal Capi-release 1.33.0
Cloudfoundry Cf-release 269
Cloudfoundry Cf-release 268
Pivotal Capi-release 1.41.0
Pivotal Capi-release 1.40.0
Pivotal Capi-release 1.39.0
Cloudfoundry Cf-release 272
Cloudfoundry Cf-release 270
Pivotal Capi-release 1.37.0
Pivotal Capi-release 1.35.0
Cloudfoundry Cf-release 273
Cloudfoundry Cf-release 271
Pivotal Capi-release 1.38.0
Pivotal Capi-release 1.36.0
8.8
CVSSv3
CVE-2016-0732
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 up to and including 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 up to and including 1.6.13 allows remote authenticated users with p...
Cloudfoundry Cf-release
Cloudfoundry User Account And Authentication 2.2.5.3
Cloudfoundry User Account And Authentication 2.4.1
Cloudfoundry User Account And Authentication 2.4.0
Cloudfoundry User Account And Authentication 2.3.1.1
Cloudfoundry User Account And Authentication 2.0.2
Cloudfoundry User Account And Authentication 2.0.1
Cloudfoundry User Account And Authentication 2.0.0
Cloudfoundry User Account And Authentication 2.7.3
Cloudfoundry User Account And Authentication 2.7.2
Cloudfoundry User Account And Authentication 2.7.0.3
Cloudfoundry User Account And Authentication 2.5.2
Cloudfoundry User Account And Authentication 2.5.0
Cloudfoundry User Account And Authentication 2.2.5.2
Cloudfoundry User Account And Authentication 2.3.0
Cloudfoundry User Account And Authentication 2.2.5
Cloudfoundry User Account And Authentication 2.2.1
Cloudfoundry User Account And Authentication 2.1.0
Cloudfoundry User Account And Authentication 2.7.0.1
Cloudfoundry User Account And Authentication 2.7.0
Cloudfoundry User Account And Authentication 2.6.2
Cloudfoundry User Account And Authentication 2.6.1
4.7
CVSSv3
CVE-2016-0713
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle malicious users to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.
Cloudfoundry Cf-release 196
Cloudfoundry Cf-release 221
Cloudfoundry Cf-release 159
Cloudfoundry Cf-release 162
Cloudfoundry Cf-release 174
Cloudfoundry Cf-release 141
Cloudfoundry Cf-release 152
Cloudfoundry Cf-release 200
Cloudfoundry Cf-release 184
Cloudfoundry Cf-release 222
Cloudfoundry Cf-release 215
Cloudfoundry Cf-release 185
Cloudfoundry Cf-release 218
Cloudfoundry Cf-release 217
Cloudfoundry Cf-release 165
Cloudfoundry Cf-release 173
Cloudfoundry Cf-release 195
Cloudfoundry Cf-release 158
Cloudfoundry Cf-release 212
Cloudfoundry Cf-release 205
Cloudfoundry Cf-release 190
Cloudfoundry Cf-release 148
7.5
CVSSv3
CVE-2017-8037
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefull...
Cloudfoundry Capi-release 1.9.0
Cloudfoundry Capi-release 1.10.0
Cloudfoundry Capi-release 1.17.0
Cloudfoundry Capi-release 1.18.0
Cloudfoundry Capi-release 1.19.0
Cloudfoundry Capi-release 1.26.0
Cloudfoundry Capi-release 1.27.0
Cloudfoundry Capi-release 1.34.0
Cloudfoundry Capi-release 1.35.0
Cloudfoundry Capi-release 1.13.0
Cloudfoundry Capi-release 1.14.0
Cloudfoundry Capi-release 1.22.0
Cloudfoundry Capi-release 1.23.0
Cloudfoundry Capi-release 1.30.0
Cloudfoundry Capi-release 1.31.0
Cloudfoundry Capi-release 1.7.0
Cloudfoundry Capi-release 1.8.0
Cloudfoundry Capi-release 1.15.0
Cloudfoundry Capi-release 1.16.0
Cloudfoundry Capi-release 1.24.0
Cloudfoundry Capi-release 1.25.0
Cloudfoundry Capi-release 1.32.0
7.8
CVSSv3
CVE-2017-8033
An issue exists in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushin...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
7.5
CVSSv3
CVE-2017-8035
An issue exists in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on ...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
6.6
CVSSv3
CVE-2017-8034
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations,...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
Cloudfoundry Routing-release
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »