Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudfoundry cf-deployment vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2018-1221
In cf-deployment prior to 1.14.0 and routing-release prior to 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to ste...
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
5
CVSSv2
CVE-2021-22100
In cloud foundry CAPI versions before 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for any...
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
6.5
CVSSv2
CVE-2020-5417
Cloud Foundry CAPI (Cloud Controller), versions before 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive route...
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release
4
CVSSv2
CVE-2020-5400
Cloud Foundry Cloud Controller (CAPI), versions before 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to reso...
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release
5
CVSSv2
CVE-2021-22101
Cloud Controller versions before 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated malicious users to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous ...
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
4
CVSSv2
CVE-2021-22115
Cloud Controller API versions before 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller.
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
NA
CVE-2024-22279
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated malicious user to degrade the service availability of the Cloud Foundry deployment if performed at scale.
Cloudfoundry Routing Release
Cloudfoundry Cf-deployment
5
CVSSv2
CVE-2019-3801
Cloud Foundry cf-deployment, versions before 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the compo...
Cloudfoundry Cf-deployment
Cloudfoundry Uaa Release
Cloudfoundry Credhub
5.5
CVSSv2
CVE-2019-11277
Cloud Foundry NFS Volume Service, 1.7.x versions before 1.7.11 and 2.x versions before 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space deve...
Cloudfoundry Nfs Volume Release
Cloudfoundry Cf-deployment
4
CVSSv2
CVE-2019-11294
Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release 1.88.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »