Lucene search
K

94 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-44795

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading...

8.8CVSS0.01001EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-44795 Spinnaker: Non-safe yaml deserialization allowing RCE when using specific types

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading...

8.8CVSS0.01001EPSS
Exploits0References4
OSV
OSV
added 5 days ago3 views

CVE-2026-44795 Spinnaker: Non-safe yaml deserialization allowing RCE when using specific types

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading...

8.8CVSS6.3AI score0.01001EPSS
Exploits0References6
Snyk
Snyk
added 6 days ago4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00148EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the bosh create-env and bosh delete-env processes. An attacker can gain unauthorized access to sensitive credentials and execute arbitrary code with root privileges by performing a man-in-the-middle...

8.9CVSS7.2AI score0.00148EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 8:43 p.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the YAML processing. An attacker can execute arbitrary code by supplying crafted YAML input that triggers unsafe class loading during operations such as CloudFormation deployments or CloudFoundry...

8.8CVSS6.2AI score0.01001EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51444

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.3 Spinnaker versions prior to 2025.4.4 Spinnaker versions prior to 2025.3.3 Description Unsafe YAML processing bypasses safe deserialization during CloudFormation...

8.8CVSS6.6AI score0.01001EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50566

Name of the Vulnerable Software and Affected Versions Steeltoe.Security.Authentication.CloudFoundryBase versions prior to 3.4.0 Steeltoe.Security.Authentication.JwtBearer versions prior to 4.2.0 Steeltoe.Security.Authentication.OpenIdConnect versions prior to 4.2.0 Description The JWT signing key...

5.9CVSS5.8AI score0.0029EPSS
Exploits0References9
CVE
CVE
added 2026/06/01 5:36 p.m.32 views

CVE-2026-41013

CVE-2026-41013 describes an input validation bypass in the SMB volume mount handling of CloudFoundry Foundation’s diego-release. The vulnerability allows a low-privileged CF space developer to inject arbitrary kernel CIFS mount options by bypassing the mount-option allowlist, enabling privilege e...

8.1CVSS5.9AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 5:36 p.m.16 views

EUVD-2026-33727

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...

8.1CVSS5.9AI score0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

CloudFoundry CF Deployment 安全漏洞

CloudFoundry CF Deployment is a code deployment component of the CloudFoundry Foundation. There is a security vulnerability in CloudFoundry CF Deployment, which stems from a bypass of input validation during SMB volume mounting processes. This vulnerability could allow developers with low...

8.1CVSS5.5AI score0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.9 views

CloudFoundry CF Deployment 和CloudFoundry Routing release 安全漏洞

CloudFoundry CF Deployment and CloudFoundry Routing are both products of the CloudFoundry Foundation. CloudFoundry CF Deployment is a code deployment component. CloudFoundry Routing release is a collection of application routing components. Both CloudFoundry CF Deployment and CloudFoundry Routing...

5CVSS5.9AI score0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 11:17 p.m.5 views

CVE-2026-22726 Route Services Firewall Bypass

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...

5CVSS5.8AI score0.00199EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 2:26 p.m.6 views

Security Bulletin: DevOps Test Performance contains a vulnerability due to use of Spring Boot

Summary Due to use of Spring Boot, DevOps Test Performance and Rational Performance Tester contain a potential authentication bypass vulnerability. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass"...

8.2CVSS5.8AI score0.0036EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/03/20 12:38 a.m.6 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Actuator CloudFoundry endpoints. An attacker can gain unauthorized access to protected endpoints by sending requests to application endpoints declared under the CloudFound...

9.2CVSS5.8AI score0.0036EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/20 12:38 a.m.4 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Actuator CloudFoundry endpoints. An attacker can gain unauthorized access to protected endpoints by sending requests to application endpoints declared under the CloudFound...

9.2CVSS5.8AI score0.0036EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/20 12:31 a.m.5 views

EUVD-2026-13349

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...

8.2CVSS5.8AI score0.0036EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 12:31 a.m.2 views

GHSA-MGVC-8Q2H-5PGC Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...

8.2CVSS5.9AI score0.0036EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/20 12:31 a.m.5 views

Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...

8.2CVSS5.8AI score0.0036EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/20 12:16 a.m.3 views

CVE-2026-22733

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...

8.2CVSS0.0036EPSS
Exploits0References1
Rows per page
Query Builder