CVE-2018-1266: Cloud Controller file modification via malicious application | Cloud Foundry

Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using Cloud Controller version prior to 1.52.0 You are using cf-deployment version prior to 1.21.0 Description Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information...

Cloud Controller, cf-deployment and cf-release authentication vulnerabilities

Cloud Foundry is an open source Platform-as-a-Service PaaS cloud computing platform from the Cloud Foundry Foundation in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other features. cf-release is a release version of CF...

CVE-2018-1195

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...

CVE-2018-1195

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...

Improper access control

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...

CVE-2018-1195

Cloud Controller (Cloud Foundry) is affected. The vulnerability (CVE-2018-1195) occurs when Cloud Controller versions prior to 1.46.0, cf-deployment prior to 1.3.0, and cf-release prior to 283 accept refresh tokens for authentication in contexts where an access token is expected. Root cause: refr...

CVE-2018-1195

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...

PT-2018-10918 · Cloud Foundry · Cf-Release +2

Name of the Vulnerable Software and Affected Versions: Cloud Controller versions prior to 1.46.0 cf-deployment versions prior to 1.3.0 cf-release versions prior to 283 Description: The issue allows refresh tokens to be used for authentication where access tokens are expected. This exposes a...

Pivotal CF capi-release, cf-release and cf-deployment application subdomain takeover vulnerability

Pivotal Cloud Foundry CF is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software, Inc. that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release of CF. cf-deployment is a development version. version...

Code injection

An issue was discovered in Cloud Foundry Foundation capi-release all versions prior to 1.45.0, cf-release all versions prior to v280, and cf-deployment all versions prior to v1.0.0. The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that...

CVE-2017-14389: Application Subdomain Takeover via Cloud Foundry Private Domains | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions capi-release All versions prior to 1.45.0 cf-release All versions prior to v280 cf-deployment All versions prior to v1.0.0 Description The Cloud Controller does not prevent space developers from creating...

Design/Logic Flaw

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially...

CVE-2017-8048

In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially...

CVE-2017-8048: Cloud Controller API regression | Cloud Foundry

Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions capi-release versions 1.33.0 and later, prior to 1.42.0 cf-release versions 268 and later, prior to 274 Please note: due to a bug in 274, it is not recommended for production use. Deployments should use...

Pivotal Software Cloud Foundry Information Disclosure Vulnerability

Pivotal Software Cloud Foundry CF is a suite of open source Platform-as-a-Service PaaS cloud computing platforms from Pivotal Software in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other capabilities. cf-release and...

CVE-2017-8037: Incomplete fix for Cloud Controller API access to CC VM Contents | Cloud Foundry

Severity Critical Vendor Cloud Foundry Foundation Versions Affected CAPI-release versions after v1.6.0 and prior to v1.38.0 cf-release versions after v244 and prior to v270 Description This CVE is for an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should als...

CVE-2017-8033

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...

CVE-2017-8033

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...

CVE-2017-8035

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...

Design/Logic Flaw

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...