60 matches found
Open redirect
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain...
Design/Logic Flaw
In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially...
CVE-2017-8048
In Cloud Foundry, CVE-2017-8048 is a regression introduced by the original fix for CVE-2017-8033. Affected are capi-release 1.33.0–1.41.x (prior to 1.42.0) and cf-release 268–273 (prior to 274). The issue enables a space developer to execute arbitrary code on the Cloud Controller VM by pushing a ...
CVE-2017-8048
In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially...
CVE-2017-8047: Cloud Foundry router open redirect | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions routing-release All versions prior to v0.163.0 cf-release All versions prior to v274 Please note: due to a bug in 274, it is not recommended for production use. Deployments should use v275 or later...
CVE-2016-0713
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks via vectors related to modified requests...
CVE-2016-0713
The CVE-2016-0713 entry applies to Cloud Foundry Gorouter in cf-release versions 141–228, where a cross-site scripting (XSS) vulnerability can be exploited when an attacker modifies requests, enabling potential MITM-like behavior and unauthorized operations. Publicly documented impact is XSS via ...
CVE-2016-0713
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks via vectors related to modified requests...
CVE-2017-8037
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI...
CVE-2017-8037
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI...
CVE-2017-8037: Incomplete fix for Cloud Controller API access to CC VM Contents | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Versions Affected CAPI-release versions after v1.6.0 and prior to v1.38.0 cf-release versions after v244 and prior to v270 Description This CVE is for an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should als...
CVE-2017-8035
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...
CVE-2017-8033
The CVE-2017-8033 issue affects Cloud Foundry’s Cloud Controller API in capi-release v1.33.0+ and cf-release v268+ (pre-v1.35.0 and pre-v268 respectively), where a filesystem-traversal flaw lets a space developer write arbitrary files on the Cloud Controller VM by pushing a crafted app. The origi...
CVE-2017-8033
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...
CVE-2017-8035
CVE-2017-8035 targets the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and before v1.35.0 (and cf-release after v244 and before v268). A carefully crafted CAPI request from a Space Developer can gain access to files on the Cloud Controller VM for that instal...
CVE-2017-8034
CVE-2017-8034 affects Cloud Foundry components: Cloud Controller and Router in CAPI release capi < v1.32.0, Routing-release < v0.159.0, CF-release
CVE-2016-8218
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT...
Input validation
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT...
CVE-2017-4992
CVE-2017-4992 affects Cloud Foundry components including cf-release prior to v261 and UAA releases prior to specified versions (2.x before 2.7.4.17, 3.6.x before 3.6.11, 3.9.x before 3.9.13, and other versions before v4.2.0; UAA bosh releases prior to 13.x before 13.15, 24.x before 24.10, 30.x be...
CVE-2016-8219
The CVE affects Cloud Foundry Foundation cf-release before 250 and CAPI-release before 1.12.0. The vulnerability arises because a SpaceAuditor can restage applications, enabling over-privileged actions that could cause application downtime if restaging fails. Mitigation is to upgrade cf-release t...