Vulnerabilities (CVE)

Vendor filter: Cloudfoundry

30 total CVE
CVE | Vendors | Products | Updated | CVSS

CVE-2018-1193 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2019-10-03 | 5.0
Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only...

CVE-2017-8037 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2019-03-22 | 5.0
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also...

CVE-2016-0708 | 1 Cloudfoundry | 1 Cf-release | 2018-09-11 | 4.3
Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they...

CVE-2017-4964 | 2 Cloud Foundry Foundation, Cloudfoundry | 2 Bosh Azure Cpi, Bosh Azure Cpi | 2018-06-13 | 4.6
Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability."

CVE-2016-2169 | 1 Cloudfoundry | 1 Cf-release | 2018-05-24 | 5.0
Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service...

CVE-2016-6658 | 2 Cloudfoundry, Pivotal Software | 2 Cf-release, Cloud Foundry Elastic Runtime | 2018-04-24 | 4.0
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to...

CVE-2016-9882 | 2 Cloud Foundry, Cloudfoundry | 4 Cf-release, Capi-release, Capi-release and 1 more | 2017-11-08 | 5.0
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These...

CVE-2016-6655 | 2 Cloud Foundry, Cloudfoundry | 4 Cf-release, Cf-mysql-release, Cf-mysql-release and 1 more | 2017-11-08 | 7.5
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry...

CVE-2016-8218 | 2 Cloud Foundry, Cloudfoundry | 4 Cf-release, Routing-release, Cf-release and 1 more | 2017-11-08 | 7.5
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other...

CVE-2016-0713 | 1 Cloudfoundry | 1 Cf-release | 2017-09-05 | 2.6
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.