12 matches found
MINI-2MF8-H5VG-CFCR
Bulletin has no description...
CGA-895X-8FHR-CFCR
Bulletin has no description...
CVE-2019-11247: Kubernetes API Server Vulnerability | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Description The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and ro...
Design/Logic Flaw
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. Th...
CVE-2019-3786 BBR could run arbitrary scripts on deployment VMs
Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. Th...
CVE-2019-3786: BBR could run arbitrary scripts on deployment VMs | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions BOSH Backup and Restore All versions prior to v1.5.0 Description Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote...
CVE-2019-1002101: Kubernetes kubectl - potential directory traversal | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Cloud Foundry Container Runtime CFCR All versions prior to 0.31.0 Description A security issue was discovered with the Kubernetes kubectl cp command that could enable a directory traversal replacing or...
CVE-2019-1002100: Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Cloud Foundry Container Runtime CFCR All versions prior to 0.31.0 Description In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the...
CVE-2019-5736: runC container breakout | Cloud Foundry
Severity High Vendor Open Container Initiative Affected Cloud Foundry Products and Versions Severity is High unless otherwise noted. BPM All prior to v1.0.3 Cloud Foundry Container Runtime CFCR All versions prior to v0.29.0 Docker BOSH Release All versions prior to v34.0.0 Garden runC All version...
CVE-2018-18264: Kubernetes Dashboard TLS Certificate Leak | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Cloud Foundry Container Runtime CFCR All versions prior to 0.26.0 Description Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard’s Service Account for reading...
CVE-2018-1002105: Proxy request handling in kube-apiserver can leave vulnerable TCP connections | Cloud Foundry
Severity Critical Vendor Kubernetes Affected Cloud Foundry Products and Versions CFCR Release All versions prior to v0.25.0 Description With a specially crafted request, users are able to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests ove...
CVE-2018-1223: CFCR leaks credentials to application logs | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions kubo-release versions prior to 0.14.0 Description Cloud Foundry Container Runtime kubo-release, versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the...