161 matches found
Design/Logic Flaw
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...
Design/Logic Flaw
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...
CVE-2017-8035
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...
CVE-2017-8033
The CVE-2017-8033 issue affects Cloud Foundry’s Cloud Controller API in capi-release v1.33.0+ and cf-release v268+ (pre-v1.35.0 and pre-v268 respectively), where a filesystem-traversal flaw lets a space developer write arbitrary files on the Cloud Controller VM by pushing a crafted app. The origi...
CVE-2017-8033
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...
Pivotal Software Cloud Foundry cf-release and CAPI-release information disclosure vulnerabilities
Pivotal Software Cloud Foundry (CF) is a suite of open source Platform-as-a-Service (PaaS) cloud computing platforms from Pivotal Software in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other capabilities. cf-release and...
Pivotal Software Cloud Foundry cf-release and CAPI-release path traversal vulnerabilities
Pivotal Software Cloud Foundry (CF) is a suite of open source Platform-as-a-Service (PaaS) cloud computing platforms from Pivotal Software in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other capabilities. cf-release and...
Pivotal CAPI-release Incompletely Fixes Remote Code Execution Vulnerability
Pivotal CAPI-release is an open source Platform-as-a-Service (PaaS) cloud computing platform from U.S.-based Pivotal Software, which provides container scheduling, continuous delivery, and automated service deployment, among other features. A security vulnerability exists in the Cloud Controller API i...
Design/Logic Flaw
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 only. The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushin...
CVE-2017-8036
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 only. The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushin...
CVE-2017-8036
CVE-2017-8036 affects Cloud Foundry Foundation Cloud Controller API via a regression introduced by the fix for CVE-2017-8033 in CAPI-release 1.33.0 (only). A space developer can push a crafted app to execute arbitrary code on the Cloud Controller VM. The issue, tied to the same regression path as...
CVE-2017-8036
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 only. The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushin...
Elevation of Privilege Vulnerability in Multiple Pivotal Products
Pivotal Software Cloud Foundry (CF) is an open source Platform-as-a-Service (PaaS) cloud computing platform from Pivotal Software, Inc. that provides container scheduling, continuous delivery, and automated service deployment, among other features. CF-release is a release of CF. CAPI-release capi and...
Multiple Pivotal Product Catalog Traversal Vulnerabilities
Pivotal Cloud Foundry (PCF) is an open source Platform-as-a-Service (PaaS) cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment. Elastic Runtime is a runtime environment for PCF. cf-release is a release version of CF....
CVE-2015-1834
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'breakout' from a given directory structure through relative file pat...
CVE-2015-1834
CVE-2015-1834 is a path-traversal vulnerability in the Cloud Foundry Cloud Controller. Affected products include cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime prior to 1.4.2. The root cause is path traversal via user-supplied file path parameters (e.g., ../ sequences...
Cloud Foundry Information Disclosure Vulnerability
Cloud Foundry is an open source Platform-as-a-Service (PaaS) cloud computing platform from the Cloud Foundry Foundation, which provides container scheduling, continuous delivery, and automated service deployment. Cloud Controller is one of the cloud controllers. A security vulnerability exists in...
CVE-2016-5006
The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors...
CVE-2016-5006
The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors...
CVE-2016-5006
Summary: CVE-2016-5006 affects the Cloud Foundry Cloud Controller prior to v239. When creating a user-provided service, the Cloud Controller logs the entire UPS object, including credentials, which could expose sensitive user credentials via unspecified vectors. Affected versions: CF releases bef...