CVE-2026-22723 UAA User Token Revocation logic error
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...
CVE-2026-22723
Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...
CloudFoundry UAA and CloudFoundry Deployment Security Vulnerability
CloudFoundry UAA and CloudFoundry Deployment are both products of the CloudFoundry Foundation. CloudFoundry UAA is a multi-tenant identity management service. CloudFoundry Deployment is a code deployment component. Both CloudFoundry UAA and CloudFoundry Deployment have security vulnerabilities...
CloudFoundry UAA Security Vulnerability
CloudFoundry UAA is a multi-tenant identity management service from the CloudFoundry Foundation. A security vulnerability exists in CloudFoundry UAA that stems from an inability to properly validate session information between regions. An attacker exploiting this vulnerability could reuse its...
com.sap.cds:cds-starter-cloudfoundry (>=2.2.0 <=2.4.0), com.sap.cds:cds-starter-k8s (>=2.2.0 <=2.4.0) +5 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security:spring-security (>=3.0.0 <=3.2.1)
com.sap.cloud.security:spring-security MAVEN version =3.0.0, =2.2.0, =2.2.0, =1.0.4, =3.0.0, =2.0.0, =2.0.0, =2.0.0, =2.4.0 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...
com.sap.cds:cds-starter-cloudfoundry (>=1.19.0 <=1.34.7), com.sap.cds:cds-starter-k8s (>=1.34.0 <=1.34.7) +4 more potentially affected by CVE-2023-50422 +1 more via com.sap.cloud.security.xsuaa:spring-xsuaa (>=1.3.0 <=2.16.0)
com.sap.cloud.security.xsuaa:spring-xsuaa MAVEN version =1.3.0, =1.19.0, =1.34.0, =2.11.16, =2.10.0, =1.3.0, =1.6.0, =2.16.0 Source cves: CVE-2023-50422, CVE-2023-50424 Source advisory: OSV:GHSA-59C9-PXQ8-9C73...
CVE-2023-34061 - Gorouter route pruning | Cloud Foundry
Severity HIGH Vendor CloudFoundry Foundation Versions Affected Routing Release 0.163.0 CF Deployment 0.28.0 Description Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning an...
Security Update for Microsoft Visual Studio Code Cloudfoundry Manifest YML Support Extension (CVE-2022-31691)
The Microsoft Visual Studio Code Cloudfoundry Manifest YML Support Extension is version 1.39.0 or below. It is, therefore, affected by a remote code execution vulnerability. The extension uses the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML...
Improper Path Sanitisation
cloudfoundry/archiver is vulnerable to improper path sanitization. The vulnerability is due to not sanitizing relative file paths while processing archive entries. This can result in an attacker writing/overwriting files outside of the target directory leading to denial of service or loss of...
Password Disclosure
cloudfoundry is vulnerable to Password Disclosure. The vulnerability exists when kernel audit logging is enabled, which logs every command run on a VM, causing authentication commands of the form cf auth --client-credentials USERNAME PASSWORD to be logged in plaintext to syslog, allowing an...
Denial Of Service (DoS)
github.com/cloudfoundry/gorouter is vulnerable to Denial of Service (DoS). The vulnerability is due to premature connection closures, which result in the removal of the selected backend from the routing pool when the application is hosted on Cloud Foundry...
CVE-2018-25046
A flaw was found in the cloudfoundry/archiver package. In affected versions of this package, archives containing relative file paths can cause files to be written or overwritten outside of the target directory due to improper path sanitization...
CVE Report Published for Spring Tools
We have released STS 4.16.1 for Eclipse and Spring VSCode extensions 1.40.0 to address the following CVE report: - CVE-2022-31691: Remote Code Execution via YAML editors in STS4 extensions for Eclipse and VSCode Please review the information in the CVE report and upgrade immediately. Eclipse: STS...
PT-2022-20891 · Spring · Spring Boot Tools +1
Name of the Vulnerable Software and Affected Versions: Spring Tools 4 for Eclipse version 4.16.0 and below Spring Boot Tools version 1.39.0 and below Concourse CI Pipeline Editor version 1.39.0 and below Bosh Editor version 1.39.0 and below Cloudfoundry Manifest YML Support version 1.39.0 and bel...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=4.8.0 <=4.8.2), org.cloudfoundry.identity:cloudfoundry-identity-app (>=4.8.0 <=4.8.2) +1 more potentially affected by CVE-2018-1192 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=4.8.0 <=4.8.2)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =4.8.0, =4.8.0, =4.8.0, =4.8.0, =4.8.2 Source cves: CVE-2018-1192 Source advisory: OSV:GHSA-XG5V-696H-C3VR...
org.cloudfoundry.identity:cloudfoundry-identity-api (=3.4.0), org.cloudfoundry.identity:cloudfoundry-identity-app (=3.4.0) +1 more potentially affected by CVE-2016-5016 via org.cloudfoundry.identity:cloudfoundry-identity-server (=3.4.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.cloudfoundry.identity:cloudfoundry-identity-server and may be impacted: - org.cloudfoundry.identity:cloudfoundry-identity-ap...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2016-5016 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.3.0.2)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2016-5016 Source advisory: OSV:GHSA-RC2R-W8JV-VGGP...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=4.6.0 <=4.7.4), org.cloudfoundry.identity:cloudfoundry-identity-app (>=4.6.0 <=4.7.4) +1 more potentially affected by CVE-2018-11047 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=4.6.0 <=4.7.4)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =4.6.0, =4.6.0, =4.6.0, =4.6.0, =4.7.4 Source cves: CVE-2018-11047 Source advisory: OSV:GHSA-R4V8-9HGX-VM6M...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2018-1190 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.20.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2018-1190 Source advisory: OSV:GHSA-J97Q-9XP9-G5FX...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=4.1.0 <=4.11.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=4.1.0 <=4.11.0) +1 more potentially affected by CVE-2017-8031 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=4.10.0 <=4.5.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =4.10.0, =4.1.0, =4.1.0, =3.3.0.6, =4.30.0 Source cves: CVE-2017-8031 Source advisory: OSV:GHSA-J4P3-2M2H-CV5F...