Vulmon
cloudfoundry cf-release vulnerabilities and exploits
6.1
CVSSv3
CVE-2018-1190
An issue exists in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter o...
Pivotal Uaa Bosh
Pivotal Uaa
Cloudfoundry Cf-release
6.1
CVSSv3
CVE-2017-8047
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishi...
Cloudfoundry Cf-release
Pivotal Routing-release
6.1
CVSSv3
CVE-2015-3190
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, the UAA logout link is susceptible to an open redirect which allows a malicious user to insert a malicious web page as a redi...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa
5.9
CVSSv3
CVE-2016-0708
Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automati...
Cloudfoundry Java Buildpack
Cloudfoundry Cf-release
5.9
CVSSv3
CVE-2017-4970
An issue exists in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Staticfile buildpack causes the Staticfile.auth configuration to be ignored when the Staticfile file is not present in the application ...
Cloudfoundry Cf-release 255
Cloudfoundry Staticfile Buildpack 1.4.1
Cloudfoundry Staticfile Buildpack 1.4.2
Cloudfoundry Staticfile Buildpack 1.4.3
Cloudfoundry Staticfile Buildpack 1.4.0
5.3
CVSSv3
CVE-2016-2169
Cloud Foundry Cloud Controller, capi-release versions before 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for t...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
5.3
CVSSv3
CVE-2017-8031
An issue exists in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions before 30.6, 45.x versions before 45.4, 52.x versions before 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for o...
Cloudfoundry Cf-release
Cloudfoundry Uaa-release
Cloudfoundry Uaa-release 52
4.7
CVSSv3
CVE-2016-0713
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle malicious users to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.
Cloudfoundry Cf-release 196
Cloudfoundry Cf-release 221
Cloudfoundry Cf-release 159
Cloudfoundry Cf-release 162
Cloudfoundry Cf-release 174
Cloudfoundry Cf-release 141
Cloudfoundry Cf-release 152
Cloudfoundry Cf-release 200
Cloudfoundry Cf-release 184
Cloudfoundry Cf-release 222
Cloudfoundry Cf-release 215
Cloudfoundry Cf-release 185
Cloudfoundry Cf-release 218
Cloudfoundry Cf-release 217
Cloudfoundry Cf-release 165
Cloudfoundry Cf-release 173
Cloudfoundry Cf-release 195
Cloudfoundry Cf-release 158
Cloudfoundry Cf-release 212
Cloudfoundry Cf-release 205
Cloudfoundry Cf-release 190
Cloudfoundry Cf-release 148
3.7
CVSSv3
CVE-2015-3189
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerabilit...
Cloudfoundry Cf-release
Pivotal Software Cloud Foundry Elastic Runtime
Pivotal Software Cloud Foundry Uaa