Lucene search

60 matches found

CBLMariner
added 2024/02/14 5:5 p.m., 14 views

CVE-2021-44716 affecting package cf-cli for versions less than 8.4.0-16

CVE-2021-44716 affecting package cf-cli for versions less than 8.4.0-16. A patched version of the package is available...

7.5 CVSS, 8.1 AI score, 0.00088 EPSS
Exploits: 0
OSV
added 2023/12/18 4:15 p.m., 2 views

AZL-34589 CVE-2023-48795 affecting package cf-cli for versions less than 8.7.11-1

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9 CVSS, 6.7 AI score, 0.54214 EPSS
Exploits: 3, References: 1
CBLMariner
added 2023/10/12 7:11 p.m., 31 views

CVE-2023-44487 affecting package cf-cli for versions less than 8.4.0-13

CVE-2023-44487 affecting package cf-cli for versions less than 8.4.0-13. A patched version of the package is available...

7.5 CVSS, 7.8 AI score, 0.94395 EPSS
Exploits: 19
OSV
added 2023/10/11 10:15 p.m., 4 views

AZL-34590 CVE-2023-39325 affecting package cf-cli for versions less than 8.7.3-2

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5 CVSS, 6.6 AI score, 0.0015 EPSS
Exploits: 0, References: 1
OSV
added 2022/01/01 5:15 a.m., 0 views

AZL-33571 CVE-2021-44716 affecting package cf-cli for versions less than 8.4.0-16

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

7.5 CVSS, 6.6 AI score, 0.00088 EPSS
Exploits: 0, References: 1
OpenVAS
added 2021/06/09 12:0 a.m., 17 views

SUSE: Security Advisory (SUSE-SU-2019:1220-2)

The remote host is missing an update for the...

8.8 CVSS, 8.8 AI score, 0.00152 EPSS
Exploits: 0, References: 10
OpenVAS
added 2021/06/09 12:0 a.m., 13 views

SUSE: Security Advisory (SUSE-SU-2019:1220-1)

The remote host is missing an update for the...

8.8 CVSS, 8.8 AI score, 0.00152 EPSS
Exploits: 0, References: 10
IBM Security Bulletins
added 2020/07/24 9:16 p.m., 15 views

Security Bulletin: Vulnerability of Embedded CF CLI In IBM Cloud CLI

Summary: Default embedded CF CLI in IBM Cloud CLI version prior to 0.20.0 contains a security vulnerability which might expose customer credentials. Vulnerability Details: CVEID: CVE-2019-3800. DESCRIPTION: CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret t...

7.8 CVSS, 0.6 AI score, 0.00279 EPSS
Exploits: 0, Affected Software: 1
Cloud Foundry
added 2019/12/16 12:0 a.m., 32 views

CVE-2019-17596: x509 parsing in Golang can cause panic | Cloud Foundry

Severity: High. Vendor: Cloud Foundry Foundation. Description: Various Cloud Foundry components are written in Go and are therefore vulnerable to a denial of service attack. Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public...

7.5 CVSS, 7.4 AI score, 0.0234 EPSS
Exploits: 1
NVD
added 2019/08/05 5:15 p.m., 13 views

CVE-2019-3800

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

7.8 CVSS, 6.3 AI score, 0.00279 EPSS
Exploits: 0, References: 2
OSV
added 2019/08/05 5:15 p.m., 19 views

CVE-2019-3800

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

7.8 CVSS, 6.5 AI score, 0.00279 EPSS
Exploits: 0, References: 2
Prion
added 2019/08/05 5:15 p.m., 17 views

Design/Logic Flaw

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

2.1 CVSS, 7.4 AI score, 0.00279 EPSS
Exploits: 0, References: 2, Affected Software: 46
Cvelist
added 2019/08/05 4:38 p.m., 15 views

CVE-2019-3800 CF CLI writes the client id and secret to config file

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

6.3 CVSS, 7.5 AI score, 0.00279 EPSS
Exploits: 0, References: 2
CVE
added 2019/08/05 4:38 p.m., 84 views

CVE-2019-3800

CF CLI before v6.45.0 (bosh release 1.16.0) stores the client id and secret in the CLI config file upon authentication with --client-credentials. A local authenticated user with access to that config can impersonate the leaked client. Impact is high for confidentiality and integrity of the creden...

7.8 CVSS, 6.5 AI score, 0.00279 EPSS
Exploits: 0, References: 2, Affected Software: 9
Tenable Nessus
added 2019/07/08 12:0 a.m., 27 views

SUSE SLED15 / SLES15 Security Update : cf-cli (SUSE-SU-2019:1220-2)

"This update for cf-cli fixes the following issues: cf-cli was updated to version 6.43.0 (bsc#1132242). Enhancements: cf curl supports a new --fail flag, primarily for scripting purposes, which returns exit code 22 for server errors. Improves cf delete-orphaned-routes such that it uses a...

8.8 CVSS, 6.8 AI score, 0.00152 EPSS
Exploits: 0, References: 20
OSV
added 2019/07/02 8:32 a.m., 5 views

SUSE-SU-2019:1220-2 Security update for cf-cli

This update for cf-cli fixes the following issues: cf-cli was updated to version 6.43.0 (bsc#1132242). Enhancements: cf curl supports a new --fail flag, primarily for scripting purposes, which returns exit code 22 for server errors. Improves cf delete-orphaned-routes such that it uses a...

8.8 CVSS, 8.8 AI score, 0.00152 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2019/05/22 12:0 a.m., 26 views

openSUSE Security Update : cf-cli (openSUSE-2019-1429)

"This update for cf-cli fixes the following issues: cf-cli was updated to version 6.43.0 (bsc#1132242). Enhancements: cf curl supports a new --fail flag, primarily for scripting purposes, which returns exit code 22 for server errors. Improves cf delete-orphaned-routes such that it uses a...

8.8 CVSS, 6.7 AI score, 0.00152 EPSS
Exploits: 0, References: 18
Tenable Nessus
added 2019/05/16 12:0 a.m., 24 views

SUSE SLED15 / SLES15 Security Update : cf-cli (SUSE-SU-2019:1220-1)

"This update for cf-cli fixes the following issues: cf-cli was updated to version 6.43.0 (bsc#1132242). Enhancements: cf curl supports a new --fail flag, primarily for scripting purposes, which returns exit code 22 for server errors. Improves cf delete-orphaned-routes such that it uses a...

8.8 CVSS, 6.8 AI score, 0.00152 EPSS
Exploits: 0, References: 20
OSV
added 2019/05/13 11:27 a.m., 6 views

SUSE-SU-2019:1220-1 Security update for cf-cli

This update for cf-cli fixes the following issues: cf-cli was updated to version 6.43.0 (bsc#1132242). Enhancements: cf curl supports a new --fail flag, primarily for scripting purposes, which returns exit code 22 for server errors. Improves cf delete-orphaned-routes such that it uses a...

8.8 CVSS, 8.8 AI score, 0.00152 EPSS
Exploits: 0, References: 3
Cloud Foundry
added 2019/02/25 12:0 a.m., 59 views

CVE-2019-3781: CF CLI does not sanitize user's password in verbose/trace/debug | Cloud Foundry

Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: Severity is high unless otherwise noted. CF CLI: All versions prior to v6.43.0. CF CLI Release: All versions prior to v1.13.0. CF Networking Release: All versions prior to v2.23.0. CF Routing Release: All versions...

8.8 CVSS, 8.4 AI score, 0.00152 EPSS
Exploits: 0