Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudfoundry vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-5401
Cloud Foundry Routing Release, versions before 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.
Cloudfoundry Routing Release
2.1
CVSSv2
CVE-2019-3782
Cloud Foundry CredHub CLI, versions before 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retriev...
Cloudfoundry Credhub Cli
4
CVSSv2
CVE-2019-3789
Cloud Foundry Routing Release, all versions before 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route servic...
Cloudfoundry Routing Release
6
CVSSv2
CVE-2019-3798
Cloud Foundry Cloud Controller API Release, versions before 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalat...
Cloudfoundry Capi-release
5.5
CVSSv2
CVE-2018-11084
Cloud Foundry Garden-runC release, versions before 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scal...
Cloudfoundry Garden-runc
6.5
CVSSv2
CVE-2018-1266
Cloud Foundry Cloud Controller, versions before 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the abi...
Cloudfoundry Capi-release
6.8
CVSSv2
CVE-2018-1267
Cloud Foundry Silk CNI plugin, versions before 0.2.0, contains an improper access control vulnerability. If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any applications can reach any other application on the net...
Cloudfoundry Silk-release
4
CVSSv2
CVE-2019-3775
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
Cloudfoundry Uaa Release
4
CVSSv2
CVE-2019-3779
Cloud Foundry Container Runtime, versions before 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate le...
Cloudfoundry Container Runtime
6.5
CVSSv2
CVE-2019-3780
Cloud Foundry Container Runtime, versions before 0.28.0, deploys K8s worker nodes that contains a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAA...
Cloudfoundry Container Runtime
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »