Vulmon
cloud foundry vulnerabilities and exploits
CVSSv2: 4
CVE-2019-11294
Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release 1.88.0

CVSSv2: 5
CVE-2021-1630
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers.
Salesforce Mule

CVSSv2: 4
CVE-2020-5418
Cloud Foundry CAPI (Cloud Controller) versions before 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none).
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment

CVSSv2: 6.5
CVE-2018-1266
Cloud Foundry Cloud Controller, versions before 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the abi...
Cloudfoundry Capi-release

CVSSv2: 6.8
CVE-2017-8033
An issue exists in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushin...
Cloudfoundry Capi-release
Cloudfoundry Cf-release

CVSSv2: 5
CVE-2017-14390
In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations.
Pivotal Software Cf-deployment 0.35.0

CVSSv2: 6.8
CVE-2017-8036
An issue exists in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller V...
Cloudfoundry Capi-release 1.33.0

CVSSv2: 5.5
CVE-2019-3785
Cloud Foundry Cloud Controller, versions before 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the ...
Cloudfoundry Capi-release

CVSSv2: 5
CVE-2017-8035
An issue exists in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on ...
Cloudfoundry Capi-release
Cloudfoundry Cf-release

CVSSv2: 5
CVE-2016-2169
Cloud Foundry Cloud Controller, capi-release versions before 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for t...
Cloudfoundry Capi-release
Cloudfoundry Cf-release