| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2017-8034 |
2 Cloud Foundry, Cloudfoundry |
6 Cf-release, Capi-release, Routing-release and 3 more |
2019-10-03 |
6.0 |
| The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With... |
| CVE-2018-1193 |
1 Cloudfoundry |
2 Cf-deployment, Routing-release |
2019-10-03 |
5.0 |
| Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only... |
| CVE-2016-8218 |
2 Cloud Foundry, Cloudfoundry |
4 Cf-release, Routing-release, Cf-release and 1 more |
2017-11-08 |
7.5 |
| An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other... |
