60 matches found
CVE-2016-8218
CVE-2016-8218 affects Cloud Foundry’s routing-release (versions prior to 0.142.0) and cf-release (203–231). The issue is incomplete validation in JSON Web Token (JWT) libraries, enabling unprivileged attackers to impersonate other users to the routing API. Remediation: upgrade routing-release to ...
CVE-2017-4970
An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth configuration to be ignored when the Static file file is not present in the application root...
CVE-2016-8219
The CVE affects Cloud Foundry Foundation cf-release before 250 and CAPI-release before 1.12.0. The vulnerability arises because a SpaceAuditor can restage applications, enabling over-privileged actions that could cause application downtime if restaging fails. Mitigation is to upgrade cf-release t...
CVE-2017-4970
CVE-2017-4970 describes a regression in the Cloud Foundry cf-release v255 and Staticfile buildpack v1.4.0–v1.4.3. The Staticfile buildpack regression causes the Staticfile.auth configuration to be ignored when the Staticfile is not present in the application root; apps that contain a Staticfile.a...
Open Redirect Vulnerability in Multiple Pivotal Products at Login
Pivotal Cloud Foundry PCF Runtime cf-release and others are products of Pivotal Software, Inc. PCF is an open source Platform-as-a-Service PaaS cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release version of PC...
CVE-2016-0780
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value ...
CVE-2015-1834
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file pat...
CVE-2016-0780
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value ...
Input validation
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value ...
CVE-2016-2165
CVE-2016-2165 affects Cloud Foundry cf-release legacy branches: cf-release v231 and older, plus Pivotal Elastic Runtime versions before 1.5.19 and 1.6.x before 1.6.20. The Loggregator Traffic Controller endpoints do not cleanse invalid request URL paths, and these paths are echoed in 404 response...
CVE-2016-0780
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value ...
CVE-2016-0780
CVE-2016-0780 affects cf-release v231 and earlier and Pivotal Cloud Foundry Elastic Runtime: 1.5.x versions before 1.5.17 and 1.6.x versions before 1.6.18. The root cause is improper enforcement of disk quotas, allowing an attacker to use an incorrect quota value to bypass enforcement and exhaust...
Cloud Foundry cf-release exceeds quota vulnerability
Cloud Foundry is an open source multi-cloud application platform as a service PaaS managed by the Cloud Foundry Foundation. An out-of-quota vulnerability exists in Cloud Foundry cf-release, where the "Cloud Controller" in Cloud Foundry cf-release enables a certified developer user to exceed a...
Design/Logic Flaw
The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks...
CVE-2017-4969
The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks...
CVE-2017-4969
The CVE-2017-4969 issue affects the Cloud Foundry cf-release Cloud Controller (pre-v255). A design/logic flaw allows authenticated developer users to exceed a task’s memory and disk quotas, enabling overconsumption relative to configured quotas. Impact is described as a quota-exceeding condition ...
CVE-2015-3281 HAProxy vulnerabilities | Cloud Foundry
Severity Medium Vendor HAProxy Versions Affected HAProxy 1.5.x Description It was discovered that HAProxy incorrectly handled certain buffers. A remote attacker could possibly use this issue to obtain sensitive information belonging to previous requests. Affected Products and Versions Severity is...
CVE-2016-9882
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log...
CVE-2016-0713: Gorouter XSS | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description A vulnerability has been discovered in the gorouter process that allows a cross-site-scripting XSS attack. Should a malicious actor intermediate requests from clients to the router, modifying the request to contain malicious code, this...
USN-2739-1 FreeType Vulnerabilities | Cloud Foundry
USN-2739-1 FreeType Vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected libfreetype6 2.5.2-1ubuntu2.5 – FreeType 2 is a font engine library Description It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially...