357 matches found
Multiple Cloud Foundry Products CVE-2019-11289 Denial of Service Vulnerability
Description Multiple Cloud Foundry Products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Technologies Affected Cloud Foundry Routing OSS 0.118.0 Cloud Foundry Routing OSS 0.121.0 Cloud...
CVE-2019-11289: Gorouter header denial of service vulnerability | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Description Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash...
Man-in-the-Middle (MitM)
github.com/cloudfoundry/cf-deployment is vulnerable to man-in-the-middle attacks. Dependencies are downloaded via an unencrypted HTTP channel, allowing man-in-the-middle attackers to modify contents of the dependencies that are downloaded by the application, potentially causing arbitrary code...
Code injection
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...
CVE-2019-3801
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...
CVE-2019-3801
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...
CVE-2019-3801
CVE-2019-3801 affects Cloud Foundry cf-deployment versions prior to 7.9.0. The Java components fetch dependencies over an insecure HTTP channel, enabling a remote, unauthenticated attacker to hijack the dependency DNS entry and inject malicious code into the component during build. Practical impa...
CVE-2019-3801 Java Projects using HTTP to fetch dependencies
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...
CVE-2019-3781: CF CLI does not sanitize user's password in verbose/trace/debug | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Severity is high unless otherwise noted. CF CLI All versions prior to v6.43.0 CF CLI Release All versions prior to v1.13.0 CF Networking Release All versions Prior to v2.23.0 CF Routing Release All versions...
Improper access control
In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...
Multiple Vulnerabilities in Pivotal Cloud Foundry cf-deployment
Pivotal Cloud Foundry CF is a suite of open source Platform-as-a-Service PaaS cloud computing platforms from Pivotal Software in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other features. cf-release is a release version of...
Code injection
An issue was discovered in Cloud Foundry Foundation capi-release all versions prior to 1.45.0, cf-release all versions prior to v280, and cf-deployment all versions prior to v1.0.0. The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that...
CVE-2017-14389
An issue was discovered in Cloud Foundry Foundation capi-release all versions prior to 1.45.0, cf-release all versions prior to v280, and cf-deployment all versions prior to v1.0.0. The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that...
CVE-2017-14389
An issue was discovered in Cloud Foundry Foundation capi-release all versions prior to 1.45.0, cf-release all versions prior to v280, and cf-deployment all versions prior to v1.0.0. The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that...
CVE-2017-14389
CVE-2017-14389 affects Cloud Foundry Foundation components capi-release (all versions < 1.45.0), cf-release (all versions < v280), and cf-deployment (all versions
CVE-2017-14390
CVE-2017-14390 affects Cloud Foundry cf-deployment v0.35.0, caused by a misconfiguration between Loggregator and syslog-drain that causes logs to be drained to unintended locations. Mitigation is to upgrade to cf-deployment v0.36.0 (and apply the vendor remediation). This vulnerability is documen...
CVE-2017-14390: CF-deployment 0.35.0 syslog misconfiguration | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions cf-deployment v0.35.0 Description A misconfiguration with Loggregator and syslog-drain in cf-deployment causes logs to be drained to unintended locations. Mitigation Users of affected versions should appl...