Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloud foundry vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-1630
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers.
Salesforce Mule
356
VMScore
CVE-2019-11294
Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release 1.88.0
356
VMScore
CVE-2020-5418
Cloud Foundry CAPI (Cloud Controller) versions before 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none).
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
578
VMScore
CVE-2018-1266
Cloud Foundry Cloud Controller, versions before 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the abi...
Cloudfoundry Capi-release
605
VMScore
CVE-2017-8033
An issue exists in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushin...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
445
VMScore
CVE-2017-14390
In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations.
Pivotal Software Cf-deployment 0.35.0
605
VMScore
CVE-2017-8036
An issue exists in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller V...
Cloudfoundry Capi-release 1.33.0
490
VMScore
CVE-2019-3785
Cloud Foundry Cloud Controller, versions before 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the ...
Cloudfoundry Capi-release
445
VMScore
CVE-2017-8035
An issue exists in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on ...
Cloudfoundry Cf-release
Cloudfoundry Capi-release
445
VMScore
CVE-2016-2169
Cloud Foundry Cloud Controller, capi-release versions before 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for t...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »