84 matches found
org.cloudfoundry.identity:cloudfoundry-identity-api (>=4.6.0 <=4.7.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=4.6.0 <=4.7.0) +1 more potentially affected by CVE-2017-8031 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=4.6.0 <=4.7.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =4.6.0, =4.6.0, =4.6.0, =4.6.0, =4.7.0 Source cves: CVE-2017-8031 Source advisory: OSV:GHSA-J4P3-2M2H-CV5F...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2017-8031 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.20.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2017-8031 Source advisory: OSV:GHSA-J4P3-2M2H-CV5F...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2016-6637 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.3.0.4)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2016-6637 Source advisory: OSV:GHSA-4M8C-H7FR-GQ5C...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.4.0 <=3.4.3), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.4.0 <=3.4.3) +1 more potentially affected by CVE-2016-6637 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.4.0 <=3.4.3)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.4.0, =3.4.0, =3.4.0, =3.4.0, =3.4.3 Source cves: CVE-2016-6637 Source advisory: OSV:GHSA-4M8C-H7FR-GQ5C...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=4.1.0 <=4.11.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=4.1.0 <=4.11.0) +1 more potentially affected by CVE-2017-8032 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=4.10.0 <=4.3.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =4.10.0, =4.1.0, =4.1.0, =3.3.0.6, =4.30.0 Source cves: CVE-2017-8032 Source advisory: OSV:GHSA-9FRW-WMVQ-5RRC...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.7.0 <=3.9.1), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.7.0 <=3.9.1) +1 more potentially affected by CVE-2017-8032 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.7.0 <=3.9.1)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.7.0, =3.7.0, =3.7.0, =3.7.0, =3.9.1 Source cves: CVE-2017-8032 Source advisory: OSV:GHSA-9FRW-WMVQ-5RRC...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.7.0 <=3.9.1), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.7.0 <=3.9.1) +1 more potentially affected by CVE-2017-4974 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.7.0 <=3.9.1)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.7.0, =3.7.0, =3.7.0, =3.7.0, =3.9.1 Source cves: CVE-2017-4974 Source advisory: OSV:GHSA-CW9C-V3V2-99HM...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2017-4991 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.6.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2017-4991 Source advisory: OSV:GHSA-CGRG-X34R-78F3...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.10.0 <=3.16.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.10.0 <=3.16.0) +1 more potentially affected by CVE-2017-4991 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.10.0 <=3.16.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.10.0, =3.10.0, =3.10.0, =3.10.0, =3.16.0 Source cves: CVE-2017-4991 Source advisory: OSV:GHSA-CGRG-X34R-78F3...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.10.0 <=3.15.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.10.0 <=3.15.0) +1 more potentially affected by CVE-2017-4974 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.10.0 <=3.15.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.10.0, =3.10.0, =3.10.0, =3.10.0, =3.15.0 Source cves: CVE-2017-4974 Source advisory: OSV:GHSA-CW9C-V3V2-99HM...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.10.0 <=3.13.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.10.0 <=3.13.0) +1 more potentially affected by CVE-2017-4973 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.10.0 <=3.13.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.10.0, =3.10.0, =3.10.0, =3.10.0, =3.13.0 Source cves: CVE-2017-4973 Source advisory: OSV:GHSA-PGJC-GC7G-P2C6...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.7.0 <=3.9.1), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.7.0 <=3.9.1) +1 more potentially affected by CVE-2017-4973 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.7.0 <=3.9.1)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.7.0, =3.7.0, =3.7.0, =3.7.0, =3.9.1 Source cves: CVE-2017-4973 Source advisory: OSV:GHSA-PGJC-GC7G-P2C6...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2017-4973 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.6.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2017-4973 Source advisory: OSV:GHSA-PGJC-GC7G-P2C6...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2016-3084 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.3.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2016-3084 Source advisory: OSV:GHSA-FM5C-2RWC-887W...
org.cloudfoundry.identity:cloudfoundry-identity-api (=3.10.0), org.cloudfoundry.identity:cloudfoundry-identity-app (=3.10.0) +1 more potentially affected by CVE-2017-4960 via org.cloudfoundry.identity:cloudfoundry-identity-server (=3.10.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.cloudfoundry.identity:cloudfoundry-identity-server and may be impacted: - org.cloudfoundry.identity:cloudfoundry-identity-a...
Denial Of Service (DoS)
github.com/cloudfoundry/gorouter is vulnerable to denial of service (DoS). The vulnerability exists because it fails to return an unknown failure error when panics occur through cf push requests...
Denial Of Service (DoS)
github.com/cloudfoundry/cf-deployment is vulnerable to denial of service (DoS). The vulnerability exists because the routing-release dependency used contained GoRouter. This allows invalid headers to be sent, causing caching layers to reject subsequent clients...
GSA Bounty: Cache poisoning DoS to various TTS assets
I have recently come across a technique to force a Cloudfoundry app to return an HTTP 404 error when requesting any resource, which contains cache friendly headers. What this means is, if the Cloudfoundry app in question is behind a web cache like Cloudfront or Cloudflare etc, it will possibly sto...
Information Disclosure
cloudfoundry-identity-server is vulnerable to information disclosure. A remotely authenticated attacker with scim.invite scope is able to obtain information about users of the UAA via blind SCIM injection through the email parameter...
Information Disclosure
github.com/cloudfoundry/smbdriver is vulnerable to information disclosure. Confidential information such as volume usernames and passwords is written into the SMB volume logs, allowing a remote user with access to the logs to retrieve the credentials and gain access to the SMB volumes of other...