Vulnerabilities (CVE)

12 total CVEs
CVE Vendors Products Updated CVSS
CVE-2018-15800 1 Cloud Foundry 1 Bits Service 2019-10-09 3.5
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the...
CVE-2018-15755 1 Cloud Foundry 1 Cf-networking 2019-10-09 6.5
Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, contain an internal API endpoint vulnerable to SQL injection between Diego cells and the policy server. A remote authenticated malicious user with mTLS certs can issue...
CVE-2017-4969 2 Cloud Foundry, Cloudfoundry 2 Cf-release, Cf-release 2019-10-03 6.8
The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks.
CVE-2017-8034 2 Cloud Foundry, Cloudfoundry 6 Cf-release, Capi-release, Routing-release and 3 more 2019-10-03 6.0
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With...
CVE-2017-4961 1 Cloud Foundry 1 Bosh 2019-10-03 6.5
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their...
CVE-2017-4970 2 Cloud Foundry, Cloudfoundry 4 Staticfile Buildpack, Cf-release, Cf-release and 1 more 2019-10-03 4.3
An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth configuration to be ignored when the Static...
CVE-2018-1269 1 Cloud Foundry 1 Loggregator 2019-08-14 4.0
Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing certain http requests. A remote authenticated...
CVE-2016-6639 2 Pivotal, Cloud Foundry 3 Php Buildpack, Cloud Foundry Elastic Runtime, Cloud Foundry Php Buildpack 2018-08-09 5.0
Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the...
CVE-2016-9882 2 Cloud Foundry, Cloudfoundry 4 Cf-release, Capi-release, Capi-release and 1 more 2017-11-08 5.0
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These...
CVE-2016-6655 2 Cloud Foundry, Cloudfoundry 4 Cf-release, Cf-mysql-release, Cf-mysql-release and 1 more 2017-11-08 7.5
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry...
CVE-2016-8218 2 Cloud Foundry, Cloudfoundry 4 Cf-release, Routing-release, Cf-release and 1 more 2017-11-08 7.5
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other...
CVE-2016-3091 1 Cloud Foundry 1 Diego 2017-06-15 5.0
Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.