cloudfoundry cf-deployment vulnerabilities and exploits
5.5
CVSSv2
CVE-2019-11277
Cloud Foundry NFS Volume Service, 1.7.x versions before 1.7.11 and 2.x versions before 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space deve...
Cloudfoundry Nfs Volume Release
Cloudfoundry Cf-deployment
5.5
CVSSv2
CVE-2018-1221
In cf-deployment prior to 1.14.0 and routing-release prior to 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to ste...
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
5
CVSSv2
CVE-2021-22100
In Cloud Foundry CAPI versions before 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to time out and fail is possible. An attacker can leverage this vulnerability to cause an inability for any...
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
5
CVSSv2
CVE-2021-22101
Cloud Controller versions before 1.118.0 are vulnerable to an unauthenticated denial of service (DoS) vulnerability, allowing unauthenticated malicious users to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous ...
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
5
CVSSv2
CVE-2021-22001
In UAA versions before 75.3.0, sensitive information such as the relaying secret of the provider was revealed in the response when a deletion request for an identity provider (IdP) of type “oauth 1.0” was sent to the UAA server.
Cloudfoundry User Account And Authentication
Cloudfoundry Cf-deployment
5
CVSSv2
CVE-2019-11290
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to Tomcat’s access file. If the query parameters are used to provide authentication, i.e. credentials, then they will be logged as well.
Cloudfoundry Cf-deployment
Cloudfoundry User Account And Authentication
5
CVSSv2
CVE-2019-3801
Cloud Foundry cf-deployment, versions before 7.9.0, contain Java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the compo...
Cloudfoundry Cf-deployment
Cloudfoundry Uaa Release
Cloudfoundry Credhub
5
CVSSv2
CVE-2018-1193
Cloud Foundry routing-release, versions before 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
Cloudfoundry Routing-release
Cloudfoundry Cf-deployment
4.3
CVSSv2
CVE-2020-15586
Go prior to 1.13.13 and 1.14.x prior to 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
Golang Go
Cloudfoundry Cf-deployment
Cloudfoundry Routing-release
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
Fedoraproject Fedora 31
Fedoraproject Fedora 32
4
CVSSv2
CVE-2021-22115
Cloud Controller API versions before 1.106.0 log service broker credentials if the default value of the db logging config field is changed. The CAPI database logs the service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller.
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment