19 matches found
EUVD-2019-2965
Malware in sbrugna...
EUVD-2018-7659
Malware in sbrugna...
CVE-2023-20885
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud Foundry cf-nfs-volume release. This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions...
CVE-2023-20885
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud Foundry cf-nfs-volume release. This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions...
Design/Logic Flaw
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud Foundry cf-nfs-volume release. This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions...
CVE-2023-20885
CVE-2023-20885 affects Cloud Foundry components: Notifications, SMB-volume, and cf-nfs-volume. The root issue is leakage of credentials through kernel audit logs, where arguments passed to binaries that access the filesystem can disclose admin/service credentials (e.g., cf auth --client-credentia...
CVE-2023-20885 CF workflows leak credentials in system audit logs
Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud Foundry cf-nfs-volume release. This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions...
PT-2023-17688 · Cloud Foundry · Cloud Foundry Nfs Volume +2
Name of the Vulnerable Software and Affected Versions: Cloud Foundry Notifications versions prior to 63; Cloud Foundry SMB-volume release versions prior to 3.1.19; Cloud Foundry cf-nfs-volume release versions prior to 5.0.27; Cloud Foundry cf-nfs-volume release versions prior to 7.1.19. Description:...
CVE-2019-17596: x509 parsing in Golang can cause panic | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Description: Various Cloud Foundry components are written in Go and are therefore vulnerable to a denial of service attack. Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public...
CVE-2019-11277
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny...
CVE-2019-11277
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny...
CVE-2019-11277 Volume Services is vulnerable to an LDAP injection attack
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny...
CVE-2019-11277: Volume Services is vulnerable to an LDAP injection attack | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Description: Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance...
CVE-2018-15797
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry...
CVE-2018-15797
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry...
Default credentials
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry...
CVE-2018-15797
The CVE affects Cloud Foundry NFS volume release versions 1.2.x before 1.2.5, 1.5.x before 1.5.4, and 1.7.x before 1.7.3. A remote authenticated user with access to BOSH can obtain the CF admin username and password from logs produced by the nfsbrokerpush deploy errand, exposing admin credentials...
CVE-2018-15797 NFS Volume release errand leaks cf admin credentials in logs
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry...
CVE-2018-15797: NFS volume release errand leaks CF admin credentials in logs | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: NFS volume release 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3. Description: Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf...