Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudfoundry capi-release vulnerabilities and exploits
(subscribe to this query)
694
VMScore
CVE-2020-5423
CAPI (Cloud Controller) versions before 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
445
VMScore
CVE-2016-9882
An issue exists in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
445
VMScore
CVE-2017-8035
An issue exists in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on ...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
578
VMScore
CVE-2018-1266
Cloud Foundry Cloud Controller, versions before 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the abi...
Cloudfoundry Capi-release
490
VMScore
CVE-2019-3785
Cloud Foundry Cloud Controller, versions before 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the ...
Cloudfoundry Capi-release
534
VMScore
CVE-2019-3798
Cloud Foundry Cloud Controller API Release, versions before 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalat...
Cloudfoundry Capi-release
356
VMScore
CVE-2019-11294
Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release 1.88.0
578
VMScore
CVE-2018-1195
In Cloud Controller versions before 1.46.0, cf-deployment versions before 1.3.0, and cf-release versions before 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwis...
Cloudfoundry Cf-release
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release
356
VMScore
CVE-2017-14389
An issue exists in Cloud Foundry Foundation capi-release (all versions before 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing...
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
Cloudfoundry Cf-release
534
VMScore
CVE-2017-8034
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations,...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
Cloudfoundry Routing-release
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »