
11 matches found

OSV
added 2026/05/05 12:0 a.m. | 3 views

OPENSUSE-SU-2026:10688-1 cf-cli-8.18.3+git.0.83ce51d9c-1.1 on GA media

These are all security issues fixed in the cf-cli-8.18.3+git.0.83ce51d9c-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS | 7.1 AI score | 0.00019 EPSS
Exploits 2 | References 1
CBLMariner
added 2026/03/09 2:32 p.m. | 2 views

CVE-2025-47911 affecting package cf-cli for versions less than 8.4.0-27

CVE-2025-47911 affecting package cf-cli for versions less than 8.4.0-27. A patched version of the package is available...

5.3 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits 0
OSV
added 2026/02/05 6:16 p.m. | 3 views

AZL-76830 CVE-2025-47911 affecting package cf-cli for versions less than 8.4.0-27

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

5.3 CVSS | 7.3 AI score | 0.00017 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-13412

Malware in sbrugna...

8.8 CVSS | 8.1 AI score | 0.00152 EPSS
Exploits 0 | References 4
OSV
added 2025/03/21 10:15 p.m. | 1 views

AZL-77493 CVE-2025-30204 affecting package cf-cli for versions less than 8.4.0-27

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...

7.5 CVSS | 6.7 AI score | 0.00083 EPSS
Exploits 0 | References 1
OSV
added 2023/10/10 2:15 p.m. | 2 views

AZL-31297 CVE-2023-44487 affecting package cf-cli for versions less than 8.4.0-13

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5 CVSS | 7.1 AI score | 0.944 EPSS
Exploits 19 | References 1
SUSE CVE
added 2023/02/15 4:17 a.m. | 2 views

SUSE CVE-2019-3800

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

7.8 CVSS | 6.6 AI score | 0.00279 EPSS
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 4:17 a.m. | 1 views

SUSE CVE-2019-3781

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a user's password...

5.1 CVSS | 6.8 AI score | 0.00152 EPSS
Exploits 0 | References 4
OSV
added 2022/10/14 3:15 p.m. | 2 views

AZL-33572 CVE-2022-32149 affecting package cf-cli for versions less than 8.4.0-21

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

7.5 CVSS | 6.7 AI score | 0.00054 EPSS
Exploits 0 | References 1
CVE
added 2019/03/07 7:0 p.m. | 53 views

CVE-2019-3781

CVE-2019-3781 affects Cloud Foundry CLI (cf-cli) prior to version 6.43.0. The root cause is improper redaction of passwords in verbose/trace/debug logging, enabling either local or remote attackers with log access to obtain part or all of a user’s password. Public docs from SUSE and OSV confirm t...

8.8 CVSS | 8.3 AI score | 0.00152 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2019/03/07 7:0 p.m. | 10 views

CVE-2019-3781 CF CLI does not sanitize user's password in verbose/trace/debug

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a user's password...

8.2 CVSS | 8.5 AI score | 0.00152 EPSS
Exploits 0 | References 2