Vulmon
cloudfoundry vulnerabilities and exploits
8.1
CVSSv3
CVE-2018-1266
Cloud Foundry Cloud Controller, versions before 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the abi...
Cloudfoundry Capi-release
8.1
CVSSv3
CVE-2018-1267
Cloud Foundry Silk CNI plugin, versions before 0.2.0, contains an improper access control vulnerability. If the platform is configured with an application security group (ASG) that overlaps with the Silk overlay network, any applications can reach any other application on the net...
Cloudfoundry Silk-release
6.5
CVSSv3
CVE-2017-4969
The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks.
Cloudfoundry Cf-release
7.8
CVSSv3
CVE-2019-3782
Cloud Foundry CredHub CLI, versions before 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retriev...
Cloudfoundry Credhub Cli
8.1
CVSSv3
CVE-2019-3785
Cloud Foundry Cloud Controller, versions before 1.78.0, contains an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the ...
Cloudfoundry Capi-release
6.1
CVSSv3
CVE-2019-3788
Cloud Foundry UAA Release, versions before 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA a...
Cloudfoundry Uaa Release
8.8
CVSSv3
CVE-2019-3780
Cloud Foundry Container Runtime, versions before 0.28.0, deploys K8s worker nodes that contain a configuration file with IAAS credentials. A malicious user with access to the k8s nodes can obtain IAAS credentials allowing the user to escalate privileges to gain access to the IAA...
Cloudfoundry Container Runtime
8.8
CVSSv3
CVE-2019-11279
CF UAA versions before 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.
Cloudfoundry Uaa Release
5.3
CVSSv3
CVE-2020-5401
Cloud Foundry Routing Release, versions before 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.
Cloudfoundry Routing Release
6.5
CVSSv3
CVE-2019-3775
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
Cloudfoundry Uaa Release