Cloud Foundry CAPI (Cloud Controller) versions before 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cloudfoundry capi-release |
||
cloudfoundry cf-deployment |