| CVE | Vendors | Products | Updated | CVSS | Description |
|---|---|---|---|---|---|
| CVE-2018-1193 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2019-10-03 | 5.0 | Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only... |
| CVE-2017-8037 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2019-03-22 | 5.0 | In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also... |
| CVE-2016-0708 | 1 Cloudfoundry | 1 Cf-release | 2018-09-11 | 4.3 | Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they... |
| CVE-2017-4964 | 2 Cloud Foundry Foundation, Cloudfoundry | 2 Bosh Azure Cpi, Bosh Azure Cpi | 2018-06-13 | 4.6 | Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." |
| CVE-2016-2169 | 1 Cloudfoundry | 1 Cf-release | 2018-05-24 | 5.0 | Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service... |
| CVE-2016-6658 | 2 Cloudfoundry, Pivotal Software | 2 Cf-release, Cloud Foundry Elastic Runtime | 2018-04-24 | 4.0 | Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to... |
| CVE-2016-9882 | 2 Cloud Foundry, Cloudfoundry | 4 Cf-release, Capi-release, Capi-release and 1 more | 2017-11-08 | 5.0 | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These... |
| CVE-2016-6655 | 2 Cloud Foundry, Cloudfoundry | 4 Cf-release, Cf-mysql-release, Cf-mysql-release and 1 more | 2017-11-08 | 7.5 | An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry... |
| CVE-2016-8218 | 2 Cloud Foundry, Cloudfoundry | 4 Cf-release, Routing-release, Cf-release and 1 more | 2017-11-08 | 7.5 | An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other... |
| CVE-2016-0713 | 1 Cloudfoundry | 1 Cf-release | 2017-09-05 | 2.6 | Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests. |