Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloud foundry vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-34061
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.
Pivotal Cloud Foundry Deployment
Pivotal Cloud Foundry Routing Release
NA
CVE-2023-34041
Cloud foundry routing release versions before 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.
Cloudfoundry Routing-release
Cloudfoundry Cf-deployment
NA
CVE-2023-20885
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions before 63; SMB-volume release: All versions before 3.1.19; cf-nfs-volume release: 5.0.X versions before 5.0.27, 7.1.X...
Pivotal Cloud Foundry Smb Volume
Pivotal Cloud Foundry Notifications
Pivotal Cloud Foundry Nfs Volume
NA
CVE-2023-20882
In Cloud foundry routing release versions from 0.262.0 and before 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the curre...
Cloudfoundry Routing Release
Cloudfoundry Cf-deployment
NA
CVE-2023-20881
Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This...
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release
Cloudfoundry Loggregator-agent
NA
CVE-2023-20873
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6...
Vmware Spring Boot
NA
CVE-2023-20903
This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the ...
Cloudfoundry User Account And Authentication
445
VMScore
CVE-2021-22100
In cloud foundry CAPI versions before 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for any...
Cloudfoundry Capi-release
Cloudfoundry Cf-deployment
445
VMScore
CVE-2021-1630
XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers.
Salesforce Mule
356
VMScore
CVE-2020-5422
BOSH System Metrics Server releases before 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).
Cloud Foundry Bosh System Metrics Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »