Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudfoundry vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-1277
Cloud Foundry Garden-runC, versions before 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially cau...
Cloudfoundry Garden-runc
Cloudfoundry Cf-deployment
5.9
CVSSv3
CVE-2016-0708
Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automati...
Cloudfoundry Java Buildpack
Cloudfoundry Cf-release
8.8
CVSSv3
CVE-2018-1191
Cloud Foundry Garden-runC, versions before 1.11.0, contains an information exposure vulnerability. A user with access to Garden logs may be able to obtain leaked credentials and perform authenticated actions using those credentials.
Cloudfoundry Cf-deployment
Cloudfoundry Garden-runc-release
4.3
CVSSv3
CVE-2019-11294
Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins.
Cloudfoundry Cf-deployment
Cloudfoundry Capi-release 1.88.0
8.1
CVSSv3
CVE-2019-11277
Cloud Foundry NFS Volume Service, 1.7.x versions before 1.7.11 and 2.x versions before 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space deve...
Cloudfoundry Cf-deployment
Cloudfoundry Nfs Volume Release
9.8
CVSSv3
CVE-2016-6655
An issue exists in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability exists in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to...
Cloudfoundry Cf-release
Cloudfoundry Cf-mysql-release
6.1
CVSSv3
CVE-2021-22098
UAA server versions before 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims’ accounts in certain cases along with redirection of UAA users to a malicio...
Cloudfoundry Cf-deployment
Cloudfoundry User Account And Authentication
7.5
CVSSv3
CVE-2019-11290
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
Cloudfoundry Cf-deployment
Cloudfoundry User Account And Authentication
6.5
CVSSv3
CVE-2019-11293
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided vi...
Cloudfoundry Cf-deployment
Cloudfoundry User Account And Authentication
8.8
CVSSv3
CVE-2020-5402
In Cloud Foundry UAA, versions before 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.
Cloudfoundry Cf-deployment
Cloudfoundry User Account And Authentication
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »