Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudfoundry vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-3781
Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a users password.
Cloudfoundry Command Line Interface
8.8
CVSSv3
CVE-2019-3783
Cloud Foundry Stratos, versions before 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user.
Cloudfoundry Stratos
6.5
CVSSv3
CVE-2019-3784
Cloud Foundry Stratos, versions before 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the sa...
Cloudfoundry Stratos
7.8
CVSSv3
CVE-2019-3782
Cloud Foundry CredHub CLI, versions before 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retriev...
Cloudfoundry Credhub Cli
8.8
CVSSv3
CVE-2018-15761
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions before 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalate...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloudfoundry Uaa Release
9.8
CVSSv3
CVE-2018-11082
Cloud Foundry UAA, all versions before 4.20.0 and Cloud Foundry UAA Release, all versions before 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.
Pivotal Software Cloudfoundry Uaa Release
Pivotal Software Cloudfoundry Uaa
6.5
CVSSv3
CVE-2018-11084
Cloud Foundry Garden-runC release, versions before 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scal...
Cloudfoundry Garden-runc
5.9
CVSSv3
CVE-2016-0708
Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automati...
Cloudfoundry Java Buildpack
Cloudfoundry Cf-release
7.2
CVSSv3
CVE-2018-1265
Cloud Foundry Diego, release versions before 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps runnin...
Pivotal Software Cloud Foundry Diego
Cloudfoundry Cf-deployment
6.8
CVSSv3
CVE-2018-1268
Cloud Foundry Loggregator, versions 89.x before 89.5 or 96.x before 96.1 or 99.x before 99.1 or 101.x before 101.9 or 102.x before 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious req...
Cloudfoundry Loggregator
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »