23 matches found
EUVD-2019-2978
Malware in sbrugna...
EUVD-2017-17002
Malware in sbrugna...
EUVD-2017-17003
Malware in sbrugna...
EUVD-2021-9273
Malicious code in bioql PyPI...
CVE-2021-22115
Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller...
CVE-2021-22115
Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller...
CVE-2021-22115
Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value of db logging config field is changed. CAPI database logs service broker password in plain text whenever a job to clean up orphaned items is run by Cloud Controller...
CVE-2021-22115
CVE-2021-22115 affects Cloud Foundry Cloud Controller API prior to version 1.106.0. The vulnerability arises because the CAPI database logs service broker passwords in plain text when a job to clean up orphaned items runs, exposing credentials if log access is compromised. Affected product/versio...
Code injection
Cloud Foundry Cloud Controller API CAPI, version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins...
CVE-2019-11294 CAPI leaks service broker URLs and GUIDs to space developers
Cloud Foundry Cloud Controller API CAPI, version 1.88.0, allows space developers to list all global service brokers, including service broker URLs and GUIDs, which should only be accessible to admins...
Pivotal CF capi-release, cf-release and cf-deployment application subdomain takeover vulnerability
Pivotal Cloud Foundry CF is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software, Inc. that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release of CF. cf-deployment is a development version. version...
CVE-2017-8048: Cloud Controller API regression | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions capi-release versions 1.33.0 and later, prior to 1.42.0 cf-release versions 268 and later, prior to 274 Please note: due to a bug in 274, it is not recommended for production use. Deployments should use...
CVE-2017-8037: Incomplete fix for Cloud Controller API access to CC VM Contents | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Versions Affected CAPI-release versions after v1.6.0 and prior to v1.38.0 cf-release versions after v244 and prior to v270 Description This CVE is for an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should als...
CVE-2017-8035
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...
CVE-2017-8033
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...
Design/Logic Flaw
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...
CVE-2017-8033
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...
Pivotal Software Cloud Foundry cf-release and CAPI-release information disclosure vulnerabilities
Pivotal Software Cloud Foundry CF is a suite of open source Platform-as-a-Service PaaS cloud computing platforms from Pivotal Software in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other capabilities. cf-release and...
Pivotal CAPI-release Incompletely Fixes Remote Code Execution Vulnerability
Pivotal CAPI-release an open source Platform-as-a-Service PaaS cloud computing platform from U.S.-based Pivotal Software, which provides container scheduling, continuous delivery, and automated service deployment, among other features. A security vulnerability exists in the Cloud Controller API i...
Design/Logic Flaw
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 only. The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushin...