Lucene search
+L

60 matches found

Prion
Prion
added 2017/10/04 1:29 a.m.19 views

Open redirect

In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain...

5.8CVSS6.2AI score0.0078EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2017/10/04 1:29 a.m.27 views

Design/Logic Flaw

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially...

6.8CVSS7.8AI score0.01245EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2017/10/03 7:0 a.m.65 views

CVE-2017-8048

In Cloud Foundry, CVE-2017-8048 is a regression introduced by the original fix for CVE-2017-8033. Affected are capi-release 1.33.0–1.41.x (prior to 1.42.0) and cf-release 268–273 (prior to 274). The issue enables a space developer to execute arbitrary code on the Cloud Controller VM by pushing a ...

7.8CVSS7.7AI score0.01245EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2017/10/03 7:0 a.m.23 views

CVE-2017-8048

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially...

7.8AI score0.01245EPSS
Exploits0References1
Cloud Foundry
Cloud Foundry
added 2017/09/25 12:0 a.m.31 views

CVE-2017-8047: Cloud Foundry router open redirect | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions routing-release All versions prior to v0.163.0 cf-release All versions prior to v274 Please note: due to a bug in 274, it is not recommended for production use. Deployments should use v275 or later...

6.1CVSS6.4AI score0.0078EPSS
Exploits0
OSV
OSV
added 2017/08/31 2:29 p.m.14 views

CVE-2016-0713

Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks via vectors related to modified requests...

4.7CVSS5.7AI score
Exploits0References2
CVE
CVE
added 2017/08/31 2:0 p.m.46 views

CVE-2016-0713

The CVE-2016-0713 entry applies to Cloud Foundry Gorouter in cf-release versions 141–228, where a cross-site scripting (XSS) vulnerability can be exploited when an attacker modifies requests, enabling potential MITM-like behavior and unauthorized operations. Publicly documented impact is XSS via ...

4.7CVSS4.3AI score0.00541EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/08/31 2:0 p.m.24 views

CVE-2016-0713

Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks via vectors related to modified requests...

4.4AI score0.00541EPSS
Exploits0References2
NVD
NVD
added 2017/08/21 10:29 p.m.20 views

CVE-2017-8037

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI...

7.5CVSS7.7AI score0.01415EPSS
Exploits0References2
OSV
OSV
added 2017/08/21 10:29 p.m.21 views

CVE-2017-8037

In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI...

7.5CVSS7AI score0.01415EPSS
Exploits0References2
Cloud Foundry
Cloud Foundry
added 2017/08/07 12:0 a.m.37 views

CVE-2017-8037: Incomplete fix for Cloud Controller API access to CC VM Contents | Cloud Foundry

Severity Critical Vendor Cloud Foundry Foundation Versions Affected CAPI-release versions after v1.6.0 and prior to v1.38.0 cf-release versions after v244 and prior to v270 Description This CVE is for an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should als...

7.5CVSS7.7AI score0.01415EPSS
Exploits0
OSV
OSV
added 2017/07/25 4:29 a.m.23 views

CVE-2017-8035

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...

7.5CVSS6.9AI score0.01387EPSS
Exploits0References1
CVE
CVE
added 2017/07/25 4:0 a.m.54 views

CVE-2017-8033

The CVE-2017-8033 issue affects Cloud Foundry’s Cloud Controller API in capi-release v1.33.0+ and cf-release v268+ (pre-v1.35.0 and pre-v268 respectively), where a filesystem-traversal flaw lets a space developer write arbitrary files on the Cloud Controller VM by pushing a crafted app. The origi...

7.8CVSS7.5AI score0.01018EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2017/07/25 4:0 a.m.30 views

CVE-2017-8033

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...

7.6AI score0.01018EPSS
Exploits0References1
CVE
CVE
added 2017/07/25 4:0 a.m.49 views

CVE-2017-8035

CVE-2017-8035 targets the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and before v1.35.0 (and cf-release after v244 and before v268). A carefully crafted CAPI request from a Space Developer can gain access to files on the Cloud Controller VM for that instal...

7.5CVSS7.4AI score0.01387EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2017/07/17 2:0 p.m.52 views

CVE-2017-8034

CVE-2017-8034 affects Cloud Foundry components: Cloud Controller and Router in CAPI release capi < v1.32.0, Routing-release < v0.159.0, CF-release

6.6CVSS6.5AI score0.00751EPSS
Exploits0References1Affected Software3
NVD
NVD
added 2017/06/13 6:29 a.m.28 views

CVE-2016-8218

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT...

9.8CVSS9.3AI score0.01297EPSS
Exploits0References1
Prion
Prion
added 2017/06/13 6:29 a.m.17 views

Input validation

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT...

7.5CVSS7AI score0.01297EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2017/06/13 6:0 a.m.59 views

CVE-2017-4992

CVE-2017-4992 affects Cloud Foundry components including cf-release prior to v261 and UAA releases prior to specified versions (2.x before 2.7.4.17, 3.6.x before 3.6.11, 3.9.x before 3.9.13, and other versions before v4.2.0; UAA bosh releases prior to 13.x before 13.15, 24.x before 24.10, 30.x be...

9.8CVSS9.5AI score0.01167EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2017/06/13 6:0 a.m.49 views

CVE-2016-8219

The CVE affects Cloud Foundry Foundation cf-release before 250 and CAPI-release before 1.12.0. The vulnerability arises because a SpaceAuditor can restage applications, enabling over-privileged actions that could cause application downtime if restaging fails. Mitigation is to upgrade cf-release t...

6.5CVSS6.3AI score0.00974EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder